low-level network programming is sick. some wlan-drivers don't honor struct sizes

and simply write bytes _after_ the struct... this patch makes calling SIOCGIWRANGE more failure-proof.
author: mickeyl <mickeyl> 2003-04-04 10:31:26 (UTC)
committer: mickeyl <mickeyl> 2003-04-04 10:31:26 (UTC)
commit: 089385bb8ab768fbf6f394f326e565e3589163fc (patch) (unidiff)
tree: 23891b81b11310186c43179612531bc92e52ae65 /libopie2
parent: 7da7e9cbfb52988ce801310f66b1336e0809db28 (diff)
download: opie-089385bb8ab768fbf6f394f326e565e3589163fc.zip
opie-089385bb8ab768fbf6f394f326e565e3589163fc.tar.gz
opie-089385bb8ab768fbf6f394f326e565e3589163fc.tar.bz2
3 files changed, 47 insertions, 30 deletions
diff --git a/libopie2/opienet/onetutils.cpp b/libopie2/opienet/onetutils.cpp
index fd8f9e9..b317810 100644
--- a/libopie2/opienet/onetutils.cpp
+++ b/libopie2/opienet/onetutils.cpp
@@ -185 +185,2 @@ void dumpBytes( const unsigned char* data, int num )
 }
diff --git a/libopie2/opienet/onetwork.cpp b/libopie2/opienet/onetwork.cpp
index 66fa215..789e8ca 100644
--- a/libopie2/opienet/onetwork.cpp
+++ b/libopie2/opienet/onetwork.cpp
@@ -130,4 +130,4 @@ bool ONetwork::isWirelessInterface( const char* name ) const
    int sfd = socket( AF_INET, SOCK_STREAM, 0 );
-    iwreqstruct iwr;
+    struct iwreq iwr;
-    memset( &iwr, 0, sizeof( iwreqstruct ) );
+    memset( &iwr, 0, sizeof( struct iwreq ) );
    strcpy( (char*) &iwr.ifr_name, name );
@@ -154,3 +154,3 @@ ONetworkInterface::ONetworkInterface( QObject* parent, const char* name )
-ifreqstruct& ONetworkInterface::ifr() const
+struct ifreq& ONetworkInterface::ifr() const
 {
@@ -174,3 +174,3 @@ void ONetworkInterface::init()
-bool ONetworkInterface::ioctl( int call, ifreqstruct& ifreq ) const
+bool ONetworkInterface::ioctl( int call, struct ifreq& ifreq ) const
 {
@@ -379,3 +379,3 @@ OWirelessNetworkInterface::~OWirelessNetworkInterface()
-iwreqstruct& OWirelessNetworkInterface::iwr() const
+struct iwreq& OWirelessNetworkInterface::iwr() const
 {
@@ -419,5 +419,2 @@ void OWirelessNetworkInterface::buildChannelList()
 {
-    // IEEE802.11(b) radio frequency channels
-    struct iw_range range;
    //ML: If you listen carefully enough, you can hear lots of WLAN drivers suck
@@ -427,8 +424,17 @@ void OWirelessNetworkInterface::buildChannelList()
    //ML: _too much_ space. This is damn shitty crap *sigh*
+    //ML: We allocate a large memory region in RAM and check whether the
-    _iwr.u.data.pointer = (char*) &range;
+    //ML: driver pollutes this extra space. The complaint will be made on stdout,
-    _iwr.u.data.length = IW_MAX_FREQUENCIES; //sizeof range;
+    //ML: so please forward this...
-    _iwr.u.data.flags = 0;
+    struct iwreq wrq;
-    if ( !wioctl( SIOCGIWRANGE ) )
+    int len = sizeof( struct iw_range )*2;
+    char *buffer = (char*) malloc( len );
+    //FIXME: Validate if we actually got the memory block
+    memset( buffer, 0, len );
+    memcpy( wrq.ifr_name, name(), IFNAMSIZ);
+    wrq.u.data.pointer = (caddr_t) buffer;
+    wrq.u.data.length = sizeof( struct iw_range );
+    wrq.u.data.flags = 0;
+    if ( ::ioctl( _sfd, SIOCGIWRANGE, &wrq ) == -1 )
    {
@@ -449,2 +455,17 @@ void OWirelessNetworkInterface::buildChannelList()
    {
+        // <check if the driver overwrites stuff>
+        int max = 0;
+        for ( int r = sizeof( struct iw_range ); r < len; r++ )
+            if (buffer[r] != 0)
+                max = r;
+        if (max > 0)
+        {
+            qWarning( "OWirelessNetworkInterface::buildChannelList(): Driver for wireless interface '%s'"
+                    "overwrote buffer end with at least %i bytes!\n", name(), max - sizeof( struct iw_range ) );
+        }
+        // </check if the driver overwrites stuff>
+        struct iw_range range;
+        memcpy( &range, buffer, sizeof range );
        qDebug( "OWirelessNetworkInterface::buildChannelList(): Interface %s reported to have %d channels.", name(), range.num_frequency );
@@ -456,3 +477,5 @@ void OWirelessNetworkInterface::buildChannelList()
    }
    qDebug( "OWirelessNetworkInterface::buildChannelList(): Channel list constructed." );
+    free(buffer);
 }
@@ -507,3 +530,3 @@ void OWirelessNetworkInterface::setChannel( int c ) const
    {
-        memset( &_iwr, 0, sizeof( iwreqstruct ) );
+        memset( &_iwr, 0, sizeof( struct iwreq ) );
        _iwr.u.freq.m = c;
@@ -641,3 +664,3 @@ void OWirelessNetworkInterface::setSSID( const QString& ssid )
-bool OWirelessNetworkInterface::wioctl( int call, iwreqstruct& iwreq ) const
+bool OWirelessNetworkInterface::wioctl( int call, struct iwreq& iwreq ) const
 {
@@ -677,3 +700,3 @@ void OMonitoringInterface::setChannel( int c )
    // use standard WE channel switching protocol
-    memset( &_if->_iwr, 0, sizeof( iwreqstruct ) );
+    memset( &_if->_iwr, 0, sizeof( struct iwreq ) );
    _if->_iwr.u.freq.m = c;
diff --git a/libopie2/opienet/onetwork.h b/libopie2/opienet/onetwork.h
index 7c70873..509c3db 100644
--- a/libopie2/opienet/onetwork.h
+++ b/libopie2/opienet/onetwork.h
@@ -74,9 +74,2 @@ class OMonitoringInterface;
-typedef struct ifreq ifreqstruct;
-typedef struct iwreq iwreqstruct;
-typedef struct iw_event iweventstruct;
-typedef struct iw_freq iwfreqstruct;
-typedef struct iw_priv_args iwprivargsstruct;
-typedef struct iw_range iwrangestruct;
 /*======================================================================================
@@ -138,3 +131,3 @@ class ONetworkInterface : public QObject
    const int _sfd;
-    mutable ifreqstruct _ifr;
+    mutable ifreq _ifr;
    OMonitoringInterface* _mon;
@@ -142,6 +135,6 @@ class ONetworkInterface : public QObject
  protected:
-    ifreqstruct& ifr() const;
+    struct ifreq& ifr() const;
    virtual void init();
    bool ioctl( int call ) const;
-    bool ioctl( int call, ifreqstruct& ) const;
+    bool ioctl( int call, struct ifreq& ) const;
 };
@@ -224,8 +217,8 @@ class OWirelessNetworkInterface : public ONetworkInterface
    virtual void init();
-    iwreqstruct& iwr() const;
+    struct iwreq& iwr() const;
    bool wioctl( int call ) const;
-    bool wioctl( int call, iwreqstruct& ) const;
+    bool wioctl( int call, struct iwreq& ) const;
  protected:
-    mutable iwreqstruct _iwr;
+    mutable struct iwreq _iwr;
    QMap<int,int> _channels;
author	mickeyl <mickeyl>	2003-04-04 10:31:26 (UTC)
committer	mickeyl <mickeyl>	2003-04-04 10:31:26 (UTC)
commit	089385bb8ab768fbf6f394f326e565e3589163fc (patch) (unidiff)
tree	23891b81b11310186c43179612531bc92e52ae65 /libopie2
parent	7da7e9cbfb52988ce801310f66b1336e0809db28 (diff)
download	opie-089385bb8ab768fbf6f394f326e565e3589163fc.zip opie-089385bb8ab768fbf6f394f326e565e3589163fc.tar.gz opie-089385bb8ab768fbf6f394f326e565e3589163fc.tar.bz2

diff --git a/libopie2/opienet/onetutils.cpp b/libopie2/opienet/onetutils.cpp index fd8f9e9..b317810 100644 --- a/libopie2/opienet/onetutils.cpp +++ b/libopie2/opienet/onetutils.cpp
@@ -185 +185,2 @@ void dumpBytes( const unsigned char* data, int num )
185	}	185	}
		186


diff --git a/libopie2/opienet/onetwork.cpp b/libopie2/opienet/onetwork.cpp index 66fa215..789e8ca 100644 --- a/libopie2/opienet/onetwork.cpp +++ b/libopie2/opienet/onetwork.cpp
@@ -130,4 +130,4 @@ bool ONetwork::isWirelessInterface( const char* name ) const
130	int sfd = socket( AF_INET, SOCK_STREAM, 0 );	130	int sfd = socket( AF_INET, SOCK_STREAM, 0 );
131	iwreqstruct iwr;	131	struct iwreq iwr;
132	memset( &iwr, 0, sizeof( iwreqstruct ) );	132	memset( &iwr, 0, sizeof( struct iwreq ) );
133	strcpy( (char*) &iwr.ifr_name, name );	133	strcpy( (char*) &iwr.ifr_name, name );
@@ -154,3 +154,3 @@ ONetworkInterface::ONetworkInterface( QObject* parent, const char* name )
154		154
155	ifreqstruct& ONetworkInterface::ifr() const	155	struct ifreq& ONetworkInterface::ifr() const
156	{	156	{
@@ -174,3 +174,3 @@ void ONetworkInterface::init()
174		174
175	bool ONetworkInterface::ioctl( int call, ifreqstruct& ifreq ) const	175	bool ONetworkInterface::ioctl( int call, struct ifreq& ifreq ) const
176	{	176	{
@@ -379,3 +379,3 @@ OWirelessNetworkInterface::~OWirelessNetworkInterface()
379		379
380	iwreqstruct& OWirelessNetworkInterface::iwr() const	380	struct iwreq& OWirelessNetworkInterface::iwr() const
381	{	381	{
@@ -419,5 +419,2 @@ void OWirelessNetworkInterface::buildChannelList()
419	{	419	{
420	// IEEE802.11(b) radio frequency channels
421	struct iw_range range;
422
423	//ML: If you listen carefully enough, you can hear lots of WLAN drivers suck	420	//ML: If you listen carefully enough, you can hear lots of WLAN drivers suck
@@ -427,8 +424,17 @@ void OWirelessNetworkInterface::buildChannelList()
427	//ML: _too much_ space. This is damn shitty crap sigh	424	//ML: _too much_ space. This is damn shitty crap sigh
428		425	//ML: We allocate a large memory region in RAM and check whether the
429	_iwr.u.data.pointer = (char*) &range;	426	//ML: driver pollutes this extra space. The complaint will be made on stdout,
430	_iwr.u.data.length = IW_MAX_FREQUENCIES; //sizeof range;	427	//ML: so please forward this...
431	_iwr.u.data.flags = 0;	428
432		429	struct iwreq wrq;
433	if ( !wioctl( SIOCGIWRANGE ) )	430	int len = sizeof( struct iw_range )*2;
		431	char buffer = (char) malloc( len );
		432	//FIXME: Validate if we actually got the memory block
		433	memset( buffer, 0, len );
		434	memcpy( wrq.ifr_name, name(), IFNAMSIZ);
		435	wrq.u.data.pointer = (caddr_t) buffer;
		436	wrq.u.data.length = sizeof( struct iw_range );
		437	wrq.u.data.flags = 0;
		438
		439	if ( ::ioctl( _sfd, SIOCGIWRANGE, &wrq ) == -1 )
434	{	440	{
@@ -449,2 +455,17 @@ void OWirelessNetworkInterface::buildChannelList()
449	{	455	{
		456	// <check if the driver overwrites stuff>
		457	int max = 0;
		458	for ( int r = sizeof( struct iw_range ); r < len; r++ )
		459	if (buffer[r] != 0)
		460	max = r;
		461	if (max > 0)
		462	{
		463	qWarning( "OWirelessNetworkInterface::buildChannelList(): Driver for wireless interface '%s'"
		464	"overwrote buffer end with at least %i bytes!\n", name(), max - sizeof( struct iw_range ) );
		465	}
		466	// </check if the driver overwrites stuff>
		467
		468	struct iw_range range;
		469	memcpy( &range, buffer, sizeof range );
		470
450	qDebug( "OWirelessNetworkInterface::buildChannelList(): Interface %s reported to have %d channels.", name(), range.num_frequency );	471	qDebug( "OWirelessNetworkInterface::buildChannelList(): Interface %s reported to have %d channels.", name(), range.num_frequency );
@@ -456,3 +477,5 @@ void OWirelessNetworkInterface::buildChannelList()
456	}	477	}
		478
457	qDebug( "OWirelessNetworkInterface::buildChannelList(): Channel list constructed." );	479	qDebug( "OWirelessNetworkInterface::buildChannelList(): Channel list constructed." );
		480	free(buffer);
458	}	481	}
@@ -507,3 +530,3 @@ void OWirelessNetworkInterface::setChannel( int c ) const
507	{	530	{
508	memset( &_iwr, 0, sizeof( iwreqstruct ) );	531	memset( &_iwr, 0, sizeof( struct iwreq ) );
509	_iwr.u.freq.m = c;	532	_iwr.u.freq.m = c;
@@ -641,3 +664,3 @@ void OWirelessNetworkInterface::setSSID( const QString& ssid )
641		664
642	bool OWirelessNetworkInterface::wioctl( int call, iwreqstruct& iwreq ) const	665	bool OWirelessNetworkInterface::wioctl( int call, struct iwreq& iwreq ) const
643	{	666	{
@@ -677,3 +700,3 @@ void OMonitoringInterface::setChannel( int c )
677	// use standard WE channel switching protocol	700	// use standard WE channel switching protocol
678	memset( &_if->_iwr, 0, sizeof( iwreqstruct ) );	701	memset( &_if->_iwr, 0, sizeof( struct iwreq ) );
679	_if->_iwr.u.freq.m = c;	702	_if->_iwr.u.freq.m = c;


diff --git a/libopie2/opienet/onetwork.h b/libopie2/opienet/onetwork.h index 7c70873..509c3db 100644 --- a/libopie2/opienet/onetwork.h +++ b/libopie2/opienet/onetwork.h
@@ -74,9 +74,2 @@ class OMonitoringInterface;
74		74
75	typedef struct ifreq ifreqstruct;
76	typedef struct iwreq iwreqstruct;
77	typedef struct iw_event iweventstruct;
78	typedef struct iw_freq iwfreqstruct;
79	typedef struct iw_priv_args iwprivargsstruct;
80	typedef struct iw_range iwrangestruct;
81
82	/*======================================================================================	75	/*======================================================================================
@@ -138,3 +131,3 @@ class ONetworkInterface : public QObject
138	const int _sfd;	131	const int _sfd;
139	mutable ifreqstruct _ifr;	132	mutable ifreq _ifr;
140	OMonitoringInterface* _mon;	133	OMonitoringInterface* _mon;
@@ -142,6 +135,6 @@ class ONetworkInterface : public QObject
142	protected:	135	protected:
143	ifreqstruct& ifr() const;	136	struct ifreq& ifr() const;
144	virtual void init();	137	virtual void init();
145	bool ioctl( int call ) const;	138	bool ioctl( int call ) const;
146	bool ioctl( int call, ifreqstruct& ) const;	139	bool ioctl( int call, struct ifreq& ) const;
147	};	140	};
@@ -224,8 +217,8 @@ class OWirelessNetworkInterface : public ONetworkInterface
224	virtual void init();	217	virtual void init();
225	iwreqstruct& iwr() const;	218	struct iwreq& iwr() const;
226	bool wioctl( int call ) const;	219	bool wioctl( int call ) const;
227	bool wioctl( int call, iwreqstruct& ) const;	220	bool wioctl( int call, struct iwreq& ) const;
228		221
229	protected:	222	protected:
230	mutable iwreqstruct _iwr;	223	mutable struct iwreq _iwr;
231	QMap<int,int> _channels;	224	QMap<int,int> _channels;