From patchwork Fri Sep 27 14:40:23 2013
X-Patchwork-Submitter: Jouni Malinen
X-Patchwork-Id: 278604
Date: Fri, 27 Sep 2013 17:40:23 +0300
From: Jouni Malinen
To: Matt Causey
Cc: Ben Greear, "hostap@lists.shmoo.com"
Subject: Re: wpa_supplicant segfault in large WLAN
Message-ID: <20130927144023.GA8151@w1.fi>
List-Id: HostAP Project

On Fri, Sep 27, 2013 at 09:16:38AM -0400, Matt Causey wrote:
> I'll do it straight-away. Thanks for all your help! Shall I expect these
> patches to apply cleanly to the wpa_supplicant-2.0 release or should we
> migrate to hostap.git HEAD in our stack?

Like you noticed, the second commit did not apply cleanly. That's the
commit that should not really matter for you in practice. Anyway, if you
want to apply these on top of 2.0, you can use the attached patches.

From fec2df6e57e0322eaf3ce4690102aa87aff00ac7 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Fri, 27 Sep 2013 16:00:50 +0300
Subject: [PATCH 2/2] Make sure updated BSS entry does not get added twice to the list

When the BSS table is being updated based on new scan results, a BSS
entry could end up getting added into last_scan_res list multiple times
if the scan results from the driver include duplicated values. This
should not happen with driver_nl80211.c since it filters out duplicates,
but in theory, other driver wrappers could indicate such scan results.
Anyway, it is safer to make sure this cannot happen by explicitly
verifying the last_scan_res list before adding an updated BSS entry
there. A duplicated entry in the list could potentially result in freed
memory being used if there is a large enough number of BSSes in the scan
results to cause removal of old BSS entries.

Signed-hostap: Jouni Malinen

Conflicts:
	wpa_supplicant/bss.c
--- wpa_supplicant/bss.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c index 06e7064..bb11b03 100644 --- a/wpa_supplicant/bss.c +++ b/wpa_supplicant/bss.c @@ -597,8 +597,18 @@ void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s, bss = wpa_bss_get(wpa_s, res->bssid, ssid + 2, ssid[1]); if (bss == NULL) bss = wpa_bss_add(wpa_s, ssid + 2, ssid[1], res); - else + else { bss = wpa_bss_update(wpa_s, bss, res); + if (wpa_s->last_scan_res) { + unsigned int i; + for (i = 0; i < wpa_s->last_scan_res_used; i++) { + if (bss == wpa_s->last_scan_res[i]) { + /* Already in the list */ + return; + } + } + } + } if (bss == NULL) return; -- 1.7.9.5
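
Review bot: In the new else branch of wpa_bss_update_scan_res(), the duplicate scan over last_scan_res runs before the existing `if (bss == NULL) return;` check, so a NULL return from wpa_bss_update() is compared against every list entry before it is rejected. That is harmless, since the pointer is only compared and never dereferenced in the loop, but moving the loop below the NULL check would make the ordering obvious to later readers. The early `return` on a duplicate is also silent: the commit message says duplicates would only come from a driver wrapper that does not filter them, so a debug-level message at the `/* Already in the list */` point would make that condition visible when diagnosing such a driver. Finally, the check is a linear walk of up to last_scan_res_used entries for every updated BSS, which is worth keeping in mind for the large scan results this thread is about.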