NetBSD-Bugs archive
kern/39393: ioctl(SIOCSIFADDR) on an 802.11 interface may call its if_init routine with a bogus argument
>Number: 39393
>Category: kern
>Synopsis: ioctl(SIOCSIFADDR) on an 802.11 interface may call its if_init routine with a bogus argument
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Aug 22 21:35:00 +0000 2008
>Originator: Taylor R Campbell <campbell%mumble.net@localhost>
>Release: NetBSD 4.0_STABLE
>Organization:
>Environment:
System: NetBSD slate.localdomain 4.0_STABLE NetBSD 4.0_STABLE (RIABWI) #21: Fri
Aug 22 11:17:44 EDT 2008
riastradh%Oberon.local@localhost:/Users/riastradh/os/netbsd/4/obj/sys/arch/macppc/compile/RIABWI
macppc
Architecture: powerpc
Machine: macppc
>Description:
The implementation of the SIOCSIFADDR ioctl command in
sys/net80211/ieee80211_ioctl.c contains the following line
twice:
ifp->if_init(ifp->if_softc);
The if_init routine, however, accepts an ifnet struct, not a
softc struct, which is obviously incompatible. These lines
trigger no warning, of course, because ifp->if_softc is a
pointer to void.
>How-To-Repeat:
I don't know immediately what code paths lead to these lines;
it may be that none do.
>Fix:
Apply the following patch:
--- ieee80211_ioctl.c 15 Jun 2008 01:53:23 +0000 1.49
+++ ieee80211_ioctl.c 22 Aug 2008 21:13:39 +0000
@@ -2562,7 +2562,7 @@
case AF_INET:
if ((ifp->if_flags & IFF_UP) == 0) {
ifp->if_flags |= IFF_UP;
- ifp->if_init(ifp->if_softc);
+ ifp->if_init(ifp);
}
arp_ifinit(ifp, ifa);
break;
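Review bot: in the AF_INET case the call "ifp->if_init(ifp);" is a bare statement and IFF_UP is set before it, so if the init routine reports a failure the interface stays marked up and arp_ifinit(ifp, ifa) runs anyway. Consider capturing the result and, on failure, clearing IFF_UP and skipping arp_ifinit; that is independent of the argument fix, which looks right as written.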
@@ -2588,7 +2588,7 @@
default:
if ((ifp->if_flags & IFF_UP) == 0) {
ifp->if_flags |= IFF_UP;
- ifp->if_init(ifp->if_softc);
+ ifp->if_init(ifp);
}
break;
}
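Review bot: the default case repeats the same bring-up sequence as the AF_INET case ("if_flags |= IFF_UP" followed by the if_init call), which is why the wrong argument had to be fixed in two places; a small shared helper would keep the if_init call in one spot. Because if_softc is a pointer to void and the compiler cannot flag the mismatch, it would also be worth searching the other if_init call sites for the same "ifp->if_softc" argument before closing this.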
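Added example, not part of the original report and not NetBSD source: a minimal C sketch of why passing ifp->if_softc compiled without a warning, and one way a call site can make the compiler reject it. The struct layouts and the names ifnet_x, softc_x, IFF_UP_X, IF_INIT, drv_init, bring_up and demo_init_calls are assumptions made for illustration.

```c
/* Added illustration; every name here is hypothetical, not NetBSD's. */
#define IFF_UP_X 0x1u

struct ifnet_x {
    unsigned if_flags;
    void *if_softc;                       /* driver state, untyped */
    int (*if_init)(struct ifnet_x *);     /* wants the ifnet itself */
};

struct softc_x {
    char sc_name[16];                     /* layout differs from ifnet_x */
    struct ifnet_x sc_if;
    int sc_init_calls;
};

static int drv_init(struct ifnet_x *ifp)
{
    struct softc_x *sc = ifp->if_softc;   /* valid only for a real ifnet */
    sc->sc_init_calls++;
    return 0;
}

/* _Generic lists only struct ifnet_x *, so a void * argument has no
 * matching association and the call fails to compile. */
#define IF_INIT(ifp, arg) \
    _Generic((arg), struct ifnet_x *: (ifp)->if_init)(arg)

static int bring_up(struct ifnet_x *ifp)
{
    if ((ifp->if_flags & IFF_UP_X) != 0)
        return 0;
    ifp->if_flags |= IFF_UP_X;
    /* ifp->if_init(ifp->if_softc);  compiles silently: void * converts */
    /* IF_INIT(ifp, ifp->if_softc);  rejected at compile time */
    return IF_INIT(ifp, ifp);
}

static int demo_init_calls(void)
{
    struct softc_x sc = { .sc_name = "wi0" };   /* constructed sample */
    sc.sc_if.if_softc = &sc;
    sc.sc_if.if_init = drv_init;
    bring_up(&sc.sc_if);
    bring_up(&sc.sc_if);                  /* already up: no second init */
    return sc.sc_init_calls;
}

int main(void)
{
    return demo_init_calls() == 1 ? 0 : 1;   /* exit 0 when init ran once */
}
```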