kern/55424: urtwn(4) panics when setting (invalid) channel

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/55424: urtwn(4) panics when setting (invalid) channel
From: jruohonen%iki.fi@localhost
Date: Sat, 27 Jun 2020 04:00:01 +0000 (UTC)

>Number:         55424
>Category:       kern
>Synopsis:       urtwn(4) panics when setting (invalid) channel
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jun 27 04:00:00 +0000 2020
>Originator:     jruohonen%iki.fi@localhost
>Release:        NetBSD 9.99.68
>Organization:
>Environment:
System: NetBSD kafka 9.99.68 NetBSD 9.99.68 (CUSTOM) #0: Tue Jun 23 11:22:56 EEST 2020 jruoho@kafka:/tmp/obj/sys/arch/amd64/compile/CUSTOM amd64
Architecture: x86_64
Machine: amd64
>Description:
The urtwn(4) driver panics when setting an invalid channel (e.g., 14 for 11a). 
>How-To-Repeat:

# ifconfig urtwn1 up
# ifconfig urtwn1 mode 11a
# ifconfig urtwn1 chan 1

Trace (hand-copied):

[...]
stopped in pid 10540.10540 (ifconfig) at netbsd:breakpoint+0x5: leave
breakpoint() at netbsd:breakpoint+0x5
vpanic() t netbsd:vpanic+0x152
__x86_indirect_thunk_rax() at netbsd:__x86_indirect_trunk_rax
urtwn_set_chan.constprop.16() at netbsd:urtwn_set_chan.constprop.160x84f
urtwn_ioctl() at netbsd:urtwn_ioctl+0x132
doifioctl() at netbsd:doifioctl+0x92e
sys_ioctl() at netbsd:sys_ioctl+0x550
syscal() at netbsd:syscall+0x26e
[...]

>Fix:
Input validation?

Prev by Date: NetBSD Nightly Trouble Ticket Report
Next by Date: PR/35045 CVS commit: src
Previous by Thread: bin/55423: /bin/csh freezes when some interactive programs are suspended
Next by Thread: PR/35045 CVS commit: src
Indexes:

Home | Main Index | Thread Index | Old Index