d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

For CID 1394785, add a comment explaining that global->event_buf is

Browse Source 
not really a char * but a struct rt_msghdr *.

MFC after:	3 days
This commit is contained in:
Cy Schubert 2018-08-21 19:17:35 +00:00
parent 28f4f62303
commit cdba33f23c
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=338154
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
contrib/wpa/src/drivers/driver_bsd.c
View File

@ -1234,6 +1234,11 @@ wpa_driver_bsd_event_receive(int sock, void *ctx, void *sock_ctx)
struct ieee80211_join_event *join;
int n;
/*
* CID 1394785: Memory - illegal access (STRING_NULL):
* Though global->event_buf is a char *, it actually contains
* a struct rt_msghdr *. See below.
*/
n = read(sock, global->event_buf, global->event_buf_len);
if (n < 0) {
if (errno != EINTR && errno != EAGAIN)
@ -1242,6 +1247,10 @@ wpa_driver_bsd_event_receive(int sock, void *ctx, void *sock_ctx)
return;
}
/*
* CID 1394785: global->event_buf is assigned here to a
* struct rt_msghdr *.
*/
rtm = (struct rt_msghdr *) global->event_buf;
if (rtm->rtm_version != RTM_VERSION) {
wpa_printf(MSG_DEBUG, "Invalid routing message version=%d",