aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCy Schubert <cy@FreeBSD.org>2018-08-21 19:17:35 +0000
committerCy Schubert <cy@FreeBSD.org>2018-08-21 19:17:35 +0000
commitcdba33f23c66f12b400f842d952608c9eedca86f (patch)
treee1dde2c94cf4f54c4c999a8b657576e742ed2844
parent28f4f623039093d7b09fda4214c48e3e8f912d2a (diff)
downloadsrc-cdba33f23c66f12b400f842d952608c9eedca86f.tar.gz
src-cdba33f23c66f12b400f842d952608c9eedca86f.zip
For CID 1394785, add a comment explaining that global->event_buf is
not really a char * but a struct rt_msghdr *. MFC after: 3 days
Notes
Notes: svn path=/head/; revision=338154
-rw-r--r--contrib/wpa/src/drivers/driver_bsd.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/contrib/wpa/src/drivers/driver_bsd.c b/contrib/wpa/src/drivers/driver_bsd.c
index 65282228d4f9..e8ee0440c12e 100644
--- a/contrib/wpa/src/drivers/driver_bsd.c
+++ b/contrib/wpa/src/drivers/driver_bsd.c
@@ -1234,6 +1234,11 @@ wpa_driver_bsd_event_receive(int sock, void *ctx, void *sock_ctx)
struct ieee80211_join_event *join;
int n;
+ /*
+ * CID 1394785: Memory - illegal access (STRING_NULL):
+ * Though global->event_buf is a char *, it actually contains
+ * a struct rt_msghdr *. See below.
+ */
n = read(sock, global->event_buf, global->event_buf_len);
if (n < 0) {
if (errno != EINTR && errno != EAGAIN)
@@ -1242,6 +1247,10 @@ wpa_driver_bsd_event_receive(int sock, void *ctx, void *sock_ctx)
return;
}
+ /*
+ * CID 1394785: global->event_buf is assigned here to a
+ * struct rt_msghdr *.
+ */
rtm = (struct rt_msghdr *) global->event_buf;
if (rtm->rtm_version != RTM_VERSION) {
wpa_printf(MSG_DEBUG, "Invalid routing message version=%d",