Opened 20 months ago

#22648 new defect

hostapd crashed when WPS is activated.

Reported by: qgj1230@…
Owned by: developers
Priority: low
Milestone: Designated Driver (Trunk)
Component: packages
Version: Trunk
Keywords: hostapd
Cc:


I tested hostapd's WPS function, but it crashed when I pressed the WPS button. Below is the call stack from GDB:
(gdb) bt
#0 free (p=0x1) at src/malloc/malloc.c:450
#1 0x00419e25 in wpabuf_free (buf=0x7742e000) at ../src/utils/wpabuf.c:202
#2 0x004481e5 in dh5_init (priv=priv@entry=0x7742e928, publ=publ@entry=0x7fa1f564) at ../src/crypto/dh_group5.c:18
#3 0x00435bf9 in wps_build_public_key (wps=wps@entry=0x7742e850, msg=msg@entry=0x9ca1c0) at ../src/wps/wps_attr_build.c:68
#4 0x00438d0d in wps_build_m2 (wps=0x7742e850) at ../src/wps/wps_registrar.c:1834
#5 wps_registrar_get_msg (wps=0x7742e850, op_code=op_code@entry=0x7742e494) at ../src/wps/wps_registrar.c:2088
#6 0x0043478d in wps_get_msg (wps=<optimized out>, op_code=op_code@entry=0x7742e494) at ../src/wps/wps.c:226
#7 0x00451a63 in eap_wsc_buildReq (sm=<optimized out>, priv=0x7742e480, id=3 '\003') at ../src/eap_server/eap_server_wsc.c:251
#8 0x00439d8d in sm_EAP_METHOD_REQUEST_Enter (sm=sm@entry=0x7742e6d0, global=0) at ../src/eap_server/eap_server.c:403
#9 0x0043a817 in sm_EAP_Step (sm=0x7742e6d0) at ../src/eap_server/eap_server.c:1282
#10 eap_server_sm_step (sm=0x7742e6d0) at ../src/eap_server/eap_server.c:1789
#11 0x0041d5eb in eapol_sm_step_run (sm=sm@entry=0x7742e570) at ../src/eapol_auth/eapol_auth_sm.c:948
#12 0x0041d8a1 in eapol_sm_step_cb (eloop_ctx=eloop_ctx@entry=0x7742e570, timeout_ctx=timeout_ctx@entry=0x0) at ../src/eapol_auth/eapol_auth_sm.c:980
#13 0x00418c7b in eloop_run () at ../src/utils/eloop.c:1009
#14 0x00405ecd in hostapd_global_run (ifaces=<optimized out>, daemonize=<optimized out>, pid_file=<optimized out>) at main.c:422
#15 hostapd_main (argc=argc@entry=5, argv=argv@entry=0x7fa1f954) at main.c:788
#16 0x00405387 in main (argc=5, argv=0x7fa1f954) at ./files/multicall.c:15

I found that dh5_init (in /src/crypto/dh_group5.c) may free memory that was not allocated. So I removed this line, and hostapd's WPS works normally.

void * dh5_init(struct wpabuf priv, struct wpabuf publ)

  • wpabuf_free(*publ);

*publ = dh_init(dh_groups_get(5), priv);
if (*publ == NULL)

return NULL;
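
Review bot: Removing wpabuf_free(*publ) at the top of dh5_init stops the crash but also changes who owns *publ on entry: any caller that passes a buffer it already holds will now leak it, because the next line overwrites *publ with the result of dh_init. The backtrace shows publ=0x7fa1f564, which sits in the same address range as argv (0x7fa1f954), so it looks like the address of a stack local in wps_build_public_key, and the free(p=0x1) in frame #0 is consistent with that local never having been initialized. If that is the case, setting the local to NULL before the call in wps_attr_build.c would fix the invalid free while keeping the free in dh5_init. Whichever side is changed, the patch should state the ownership rule for *publ and the other callers of dh5_init should be checked against it.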

Attachments (1)

wps_dh5_init.patch (328 bytes) - added by qgj1230@… 20 months ago.
sorry for possible wrong git diff format.


Change History (1)

Changed 20 months ago by qgj1230@…

sorry for possible wrong git diff format.
