Hi guys,

I have figured out what was going on a few days ago on OpenWrt DD.

This issue is caused by the uninitialized ptr of wpa buffer, which is
introduced by the following commit:

2015-11-29 20:53 Jouni Malinen
  o Fix memory leak on NFC DH generation error path
Commit ID: 4104267e81b0a0acdb43f693a67f236b3237a719

In this patch, "wpabuf_free" is called in "dh5_init", which assumes that
ptr of wpa buffer is already set. But actually ptr of wpa buffer may be
still uninitialized.

I have generated the patch for this issue.

2016-05-10 15:18 GMT+08:00 Xue Liu <xue.liu@xxxxxxxxxxxx>:
> Hello
>
>
> On 28/04/16 19:06, Jouni Malinen wrote:
>>
>> On Thu, Apr 28, 2016 at 01:31:05PM +0200, Xue Liu wrote:
>>>
>>> I have removed the patch and generate a new hostapd program. Then I
>>> run the program with -d option, and there is no wpabuf overflow, but
>>> my Nexus 9 still can not make a connection with Clearfog board via
>>> WPS. Since the debug info is quite a lot. I put them in the
>>> attachment. Thank you.
>>
>> Thanks. This looks like something completely different. The client
>> device does not seem to even try to associate with the AP. It does go
>> through Authentication frame exchange, but then nothing.. The debug
>> patch should have no impact on this type of functionality, so it is a
>> bit difficult to say what caused this.
>>
>>> root@OpenWrt:~# hostapd -d hostapd.cfg
>>
>> Or are you maybe running this over a slow serial port connection? If so,
>> there will likely be a significant extra latency on operations and it
>> would be better to direct the output to a file with something like
>>
>> hostapd -dd hostapd.cfg > /tmp/hostapd.log
>>
> Yes. I am running hostapd over a serial port connection.
> I did another test last few days and I found the problem is not in the
> hostapd but in wps_supplicant. During the connection via WPS, the
> wps_supplicant has "Segmentation fault". I run wpa_supplicant with
> "/usr/sbin/wpa_supplicant -dd -P /var/run/wpa_supplicant-wlan0.pid -D
> nl80211 -i wlan0 -c wpa_supplicant-wlan0.conf -C /var/run/wpa_supplicant".
>
> In addition I compile the wpad with TARGET_CFLAGS += -ggdb3. I run "gdb
> /usr/sbin/wpa_supplicant" and then "run -dd -P
> /var/run/wpa_supplicant-wlan0.pid -D nl80211 -i wlan0 -c
> wpa_supplicant-wlan0.conf -C /var/run/wpa_supplicant". When segmentation
> fault appears after "WPS: Generate new DH keys", I run "bt".
>
> In the attachment you can find the wpa_supplicant_gdb.log file and
> wps_supplicant-wlan0.conf file. It seems that there is no useful backtrace
> info.
>
> I would like also to say that in the OpenWRT I use wpad package to replace
> wpa_supplicant and hostapd. I am a newbie of it, and I don't know what is
> the differences.
>
> Regards,
>
> Xue Liu
>
> _______________________________________________
> Hostap mailing list
> Hostap@xxxxxxxxxxxxxxxxxxx
> http://lists.infradead.org/mailman/listinfo/hostap
>
Attachment:
0001-Fix-un-set-pointer-which-cause-segment-fault.patch
Description: Binary data
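
The bug class described in the message above, as an added example that is not part of the original post and is not hostap code: a callee that frees its output pointers before refilling them turns those pointers into in/out parameters, so every caller must initialize them. The names `struct buf`, `buf_alloc`, `buf_free`, `keygen_init` and `regenerate_twice` are hypothetical stand-ins, and the `live_bufs` counter exists only to make the leak check observable.

```c
#include <stdlib.h>

/* Hypothetical stand-in for a wpabuf-style heap buffer. */
struct buf { size_t len; unsigned char *data; };

static int live_bufs; /* buffers allocated and not yet freed */

static struct buf *buf_alloc(size_t len)
{
    struct buf *b = calloc(1, sizeof(*b));
    if (b && !(b->data = calloc(1, len))) { free(b); b = NULL; }
    if (b) { b->len = len; live_bufs++; }
    return b;
}

/* Like free(): NULL is a no-op, anything else must be a live buffer. */
static void buf_free(struct buf *b)
{
    if (!b) return;
    free(b->data); free(b);
    live_bufs--;
}

/* Releases whatever *priv and *publ hold before storing fresh buffers,
 * so both are in/out parameters and must be valid-or-NULL on entry. */
static int keygen_init(struct buf **priv, struct buf **publ)
{
    buf_free(*priv);
    buf_free(*publ);
    *priv = buf_alloc(32);
    *publ = buf_alloc(32);
    if (*priv && *publ) return 0;
    buf_free(*priv); *priv = NULL;   /* error path leaves no dangling pointers */
    buf_free(*publ); *publ = NULL;
    return -1;
}

/* Caller honouring the contract. Without "= NULL" the first call would
 * hand indeterminate stack values to buf_free(). */
static int regenerate_twice(void)
{
    struct buf *priv = NULL, *publ = NULL;
    if (keygen_init(&priv, &publ) < 0 || keygen_init(&priv, &publ) < 0)
        return -1;
    int held = live_bufs;            /* 2: the first pair was released */
    buf_free(priv);
    buf_free(publ);
    return held;
}

int main(void) { return regenerate_twice() == 2 ? 0 : 1; }
```

Building a test binary with `-fsanitize=address` or running it under Valgrind flags a free of an uninitialized pointer at the call site, which is more direct than a backtrace from a crashed process.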