diff options
author | Cy Schubert <cy@FreeBSD.org> | 2023-04-06 04:07:15 +0000 |
---|---|---|
committer | Cy Schubert <cy@FreeBSD.org> | 2023-04-06 14:27:24 +0000 |
commit | 953efa5b200f060564a090ab71b3d7f614a35e3f (patch) | |
tree | e7468dab8362ad09ee54c53845d90682882d48b1 | |
parent | 5cb402cc89c01e0a1f18f8c6a4c7d9cfc10d26ab (diff) | |
download | src-953efa5b200f060564a090ab71b3d7f614a35e3f.tar.gz src-953efa5b200f060564a090ab71b3d7f614a35e3f.zip |
wpa_supplicant/hostapd: Fix uninitialized packet pointer on error
The packet pointer (called packet) will remain uninitialized when
pcap_next_ex() returns an error. This occurs when the wlan
interface is shut down using ifconfig destroy. Adding a NULL
assignment to packet duplicates what pcap_next() does.
The reason we use pcap_next_ex() in this instance is because with
pacp_next() when we receive a null pointer if there was an error
or if no packets were read. With pcap_next_ex() we can differentiate
between an error and legitimately no packets were received.
PR: 270649
Reported by: Robert Morris <rtm@lcs.mit.edu>
Fixes: 6e5d01124fd4
MFC after: 3 days
-rw-r--r-- | contrib/wpa/src/l2_packet/l2_packet_freebsd.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/contrib/wpa/src/l2_packet/l2_packet_freebsd.c b/contrib/wpa/src/l2_packet/l2_packet_freebsd.c index 0461758ff210..7b96bd033c87 100644 --- a/contrib/wpa/src/l2_packet/l2_packet_freebsd.c +++ b/contrib/wpa/src/l2_packet/l2_packet_freebsd.c @@ -85,6 +85,7 @@ static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx) if (pcap_next_ex(pcap, &hdr, &packet) == -1) { wpa_printf(MSG_ERROR, "Error reading packet, has device disappeared?"); + packet = NULL; eloop_terminate(); } |