segfault in wpa_ctrl_request
Jouni Malinen
j at w1.fi
Fri Jan 15 09:52:53 PST 2016
On Thu, Jan 14, 2016 at 11:28:40AM -0500, marc miller wrote:
> I am using wpa_supplicant to control wifi on one of my arm based
> platforms. I'm using 2.2 . I see sometimes that my process segfaults
> and backtrace points it to wpa_ctrl_request.
>
> In the latest instance , i saw it point to wpa_ctrl.c:521 -->
> "
> if (FD_ISSET(ctrl->s, &rfds)) {
> "
>
> This happened when my process tried to do this:
> if (wpa_ctrl_request(g_ctrl_conn,"DISCONNECT",10,buf,&len,NULL) < 0)
Is there any chance of this process using multiple threads and another
thread closing the control socket while this command is still executing?
That's one case I remember someone being able to hit a crash in
wpa_ctrl.c.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list