On Tue, 2009-12-15 at 11:03 +0100, Johannes Berg wrote:
> On Tue, 2009-12-15 at 01:43 -0800, David Miller wrote:
>
> > > The effect is that after a number of mode transitions (sometimes as few
> > > as two sufficed), the kernel will oops at very strange locations, mostly
> > > in something like __kmem_alloc().
> > >
> > > While the root cause turned out to be an issue with the wpa-supplicant
> > > which feeds the kernel driver with garbage, this occasion pointed out a
> > > bug in the wireless wext core when SSIDs with 32 byte lengths are passed
> > > from userspace. In this case, the string is not properly NULL-terminated
> > > which causes some other part to corrupt memory.

And, I forgot to mention, this is in fact not an issue or the "root
cause" of any issues -- it's completely intentional that wpa_supplicant
feeds the kernel with a random, valid, 32-byte SSID.

johannes
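
An added illustration of the pitfall discussed in this thread, not code from the thread or from the kernel: an SSID is up to 32 arbitrary bytes, so a full-length one leaves no room for a terminator in a 32-byte buffer and has to be carried with an explicit length. The struct and function names are hypothetical, and the sample SSID is constructed.

```c
#include <stdio.h>
#include <string.h>

#define SSID_MAX_LEN 32 /* 802.11 allows SSIDs of 0..32 octets */

/* Hypothetical container: raw bytes plus explicit length, never a C string. */
struct ssid {
    unsigned char data[SSID_MAX_LEN];
    size_t len;
};

/* Copy an SSID given as (pointer, length); -1 if longer than 32 bytes. */
int ssid_set(struct ssid *s, const void *buf, size_t len)
{
    if (len > SSID_MAX_LEN) return -1;
    memcpy(s->data, buf, len);
    s->len = len;
    return 0;
}

/* Log-safe rendering: other bytes become \xNN, output is NUL-terminated.
 * Returns the number of characters written, or -1 if out is too small. */
int ssid_print(const struct ssid *s, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0) return -1;
    for (size_t i = 0; i < s->len; i++) {
        unsigned char c = s->data[i];
        int printable = c >= 0x20 && c < 0x7f && c != '\\';
        size_t need = printable ? 1 : 4;
        if (o + need + 1 > outsz) /* keep room for the terminator */
            return -1;
        if (printable)
            out[o++] = (char)c;
        else
            o += (size_t)snprintf(out + o, outsz - o, "\\x%02x", (unsigned)c);
    }
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    unsigned char full[SSID_MAX_LEN]; /* constructed sample: 32 bytes, no NUL */
    struct ssid s;
    char out[4 * SSID_MAX_LEN + 1];   /* worst case: every byte escaped */
    memset(full, 'A', sizeof full);
    if (ssid_set(&s, full, sizeof full) == 0 && ssid_print(&s, out, sizeof out) >= 0)
        printf("ssid (%zu bytes): %s\n", s.len, out);
}
```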