From 1e0ca65a3bb5798a80eccaae58d863f1f08b9ae8 Mon Sep 17 00:00:00 2001
From: Cy Schubert <cy@FreeBSD.org>
Date: Wed, 13 Apr 2022 18:45:49 -0700
Subject: [PATCH] wpa: Correctly call pcap_next_ex()

The second argument to pcap_next_ex() is a pointer to a pointer.
Not a pointer. This fixes a wpa_supplicent SIGSEGV.

PR:		263266
Reported by:	Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
Fixes:		6e5d01124fd4dd57899ddd9260c76dbb43543aa7
MFC:		immediately
---
 contrib/wpa/src/l2_packet/l2_packet_freebsd.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/contrib/wpa/src/l2_packet/l2_packet_freebsd.c b/contrib/wpa/src/l2_packet/l2_packet_freebsd.c
index da742f432120..0461758ff210 100644
--- a/contrib/wpa/src/l2_packet/l2_packet_freebsd.c
+++ b/contrib/wpa/src/l2_packet/l2_packet_freebsd.c
@@ -77,7 +77,7 @@ static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx)
 {
 	struct l2_packet_data *l2 = eloop_ctx;
 	pcap_t *pcap = sock_ctx;
-	struct pcap_pkthdr hdr;
+	struct pcap_pkthdr *hdr;
 	const u_char *packet;
 	struct l2_ethhdr *ethhdr;
 	unsigned char *buf;
@@ -88,16 +88,16 @@ static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx)
 		eloop_terminate();
 	}
 
-	if (!l2->rx_callback || !packet || hdr.caplen < sizeof(*ethhdr))
+	if (!l2->rx_callback || !packet || hdr->caplen < sizeof(*ethhdr))
 		return;
 
 	ethhdr = (struct l2_ethhdr *) packet;
 	if (l2->l2_hdr) {
 		buf = (unsigned char *) ethhdr;
-		len = hdr.caplen;
+		len = hdr->caplen;
 	} else {
 		buf = (unsigned char *) (ethhdr + 1);
-		len = hdr.caplen - sizeof(*ethhdr);
+		len = hdr->caplen - sizeof(*ethhdr);
 	}
 	l2->rx_callback(l2->rx_callback_ctx, ethhdr->h_source, buf, len);
 }