Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-02-06 04:04:01 -05:00
Code Issues Projects Releases Wiki Activity
1019a696a7
fragattacks/src/drivers
History
Jouni Malinen fd630bc183 Fixed WEXT scan result parser to not crash on invalid IEs (zero len buffer) 
If IWEVGENIE or custom event wpa_ie/rsn_ie is received in scan with empty
buffer, the previous version ended up calling realloc(NULL, 0) which seems
to return a non-NULL value in some cases. When this return value is passed
again into realloc with realloc(ptr, 0), the returned value could be NULL.
If the ptr is then freed (os_free(data.ie) in SIOCGIWAP handling), glibc
may crash due to invalid pointer being freed (or double-freed?). The
non-NULL realloc(NULL, 0) return value from glibc looks a bit odd behavior,
but anyway, better avoid this case completely and just skip the IE events
that have an empty buffer.

This issue should not show up with drivers that produce proper scan results
since the IEs will always include the two-octet header. However, it seems
to be possible to see this when using 64-bit kernel and 32-bit userspace
with incorrect compat-ioctl processing.
2008-08-27 09:52:16 +03:00
..
.gitignore Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
Apple80211.h Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
driver_atmel.c Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
driver_broadcom.c Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
driver_bsd.c Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
driver_hostap.c Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
driver_hostap.h Fix compile warnings on 64-bit systems 2008-06-06 14:17:03 +03:00
driver_iphone.m Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
driver_ipw.c Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
driver_madwifi.c Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
driver_ndis_.c Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
driver_ndis.c Fixed MinGW build without CONFIG_NDIS_EVENTS_INTEGRATED defined 2008-08-10 18:11:41 +03:00
driver_ndis.h Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
driver_ndiswrapper.c Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
driver_nl80211.c Fixed WEXT scan result parser to not crash on invalid IEs (zero len buffer) 2008-08-27 09:52:16 +03:00
driver_osx.m Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
driver_prism54.c Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
driver_privsep.c Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
driver_ps3.c Some cleanup for the new driver wrapper for PS3 2008-03-13 19:05:45 +02:00
driver_ralink.c driver_ralink: Make sure assoc_{req,resp}_ies do not get double-freed 2008-02-27 17:53:22 -08:00
driver_ralink.h Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
driver_test.c Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
driver_wext.c Fixed WEXT scan result parser to not crash on invalid IEs (zero len buffer) 2008-08-27 09:52:16 +03:00
driver_wext.h WEXT: Fixed re-initialization of removed and re-inserted interface 2008-07-25 01:30:53 +03:00
driver_wired.c Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
driver.h Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
drivers.c Added a preliminary nl80211/cfg80211 driver interface for wpa_supplicant 2008-06-06 16:55:42 +03:00
Makefile Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
MobileApple80211.c Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
MobileApple80211.h Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
ndis_events.c Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
priv_netlink.h Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00
radiotap_iter.h nl80211: Preliminary code for usermode MLME support 2008-08-15 22:14:49 +03:00
radiotap.c nl80211: Preliminary code for usermode MLME support 2008-08-15 22:14:49 +03:00
radiotap.h nl80211: Preliminary code for usermode MLME support 2008-08-15 22:14:49 +03:00
scan_helpers.c Fixed wpa_scan_get_max_rate() to clear the basicrate flag when determining 2008-07-15 20:05:50 +03:00