segfault in wpa_ctrl_request

Jouni Malinen j at w1.fi
Fri Jan 15 09:52:53 PST 2016


On Thu, Jan 14, 2016 at 11:28:40AM -0500, marc miller wrote:
> I am using wpa_supplicant to control wifi on one of my ARM-based
> platforms. I'm using 2.2. I see sometimes that my process segfaults
> and backtrace points it to wpa_ctrl_request.
> 
> In the latest instance, I saw it point to wpa_ctrl.c:521 -->
> "
>         if (FD_ISSET(ctrl->s, &rfds)) {
> "
> 
> This happened when my process tried to do this:
>       if (wpa_ctrl_request(g_ctrl_conn,"DISCONNECT",10,buf,&len,NULL) < 0)

Is there any chance of this process using multiple threads and another
thread closing the control socket while this command is still executing?
That's one case I remember someone being able to hit a crash in
wpa_ctrl.c.

-- 
Jouni Malinen                                            PGP id EFC895FA
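
The case the reply asks about, one thread closing the control socket while another is still inside a request, can be ruled out by putting both operations behind one mutex. The following is an added example, not code from this thread or from wpa_supplicant: `guarded_ctrl`, `guarded_open`, `guarded_request` and `guarded_close` are hypothetical names, and a socketpair stands in for the real control socket so the block runs on its own.

```c
#include <pthread.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

struct guarded_ctrl {           /* hypothetical wrapper, not part of wpa_ctrl.h */
    pthread_mutex_t lock;       /* held for a whole request and for close */
    int s;                      /* control socket, -1 once closed */
};

/* Constructed stand-in for opening the control socket; peer_out plays the daemon. */
int guarded_open(struct guarded_ctrl *g, int *peer_out)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -1;
    g->s = sv[0];
    *peer_out = sv[1];
    return pthread_mutex_init(&g->lock, NULL) ? -1 : 0;
}

/* Send cmd, wait up to timeout_sec for a reply. Returns reply length or -1. */
int guarded_request(struct guarded_ctrl *g, const char *cmd,
                    char *reply, size_t reply_len, int timeout_sec)
{
    int ret = -1;
    pthread_mutex_lock(&g->lock);
    if (g->s >= 0 && g->s < FD_SETSIZE &&
        send(g->s, cmd, strlen(cmd), 0) >= 0) {
        fd_set rfds;
        struct timeval tv = { timeout_sec, 0 };
        FD_ZERO(&rfds);
        FD_SET(g->s, &rfds);
        if (select(g->s + 1, &rfds, NULL, NULL, &tv) > 0 &&
            FD_ISSET(g->s, &rfds))
            ret = (int)recv(g->s, reply, reply_len, 0);
    }
    pthread_mutex_unlock(&g->lock);
    return ret;
}

void guarded_close(struct guarded_ctrl *g)
{
    pthread_mutex_lock(&g->lock);
    if (g->s >= 0)
        close(g->s);
    g->s = -1;                  /* later requests fail cleanly */
    pthread_mutex_unlock(&g->lock);
}
```

The `guarded_ctrl` object itself has to outlive every thread that may still call into it; the mutex only protects the socket, not the memory holding the mutex.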


