Re: a possible bug in handle_ap_queue function in prism2_ap.c ?


From: Jouni Malinen (jkmaline_at_cc.hut.fi)
Date: 2002-06-19 19:09:36 UTC

On Wed, Jun 19, 2002 at 02:24:33PM -0400, Tiebing Zhang wrote:

> I am running APs with hostap driver and they are running great. But
> recently I got many "AP queue full - dropping new message" errors. I
> checked the function handle_ap_queue in prism2_ap.c, and found out there
> is no "break;" in the following section of code. Without a break, this
> actually will cause a memory leak, right?

Yes, indeed. Good catch! If there were more than one item in the queue, only the last one was processed and the rest were dropped with a memory leak. Adding the break fixes the leak and in addition it should help authentication and association in situations when management frames are received frequently.

> for (i = 0; i < AP_QUEUE_LEN; i++) {
>         if (local->ap->ap_queued_items[i] != NULL) {
>                 rxdesc = (struct hfa384x_rx_frame *)
>                         local->ap->ap_queued_items[i];
>                 type = local->ap->ap_queued_type[i];
>                 local->ap->ap_queued_items[i] = NULL;
>
>                 -->>>> break; <<<<<--------
>         }
> }

Applied, fixed version available from CVS.

-- 
Jouni Malinen                                            PGP id EFC895FA
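As an added illustration, not code from the hostap driver or from either poster, here is a small user-space C model of the dequeue loop discussed above: the same loop with and without the break, a constructed queue of malloc'd frames, and a counter showing how many frames are never freed. The array and function names are made up for this example.

```c
#include <stdlib.h>
#include <string.h>

#define AP_QUEUE_LEN 8

static void *ap_queued_items[AP_QUEUE_LEN]; /* stand-in for local->ap->ap_queued_items */
static int live_allocs;                     /* frames allocated but not yet freed */
/* One pass of the dequeue loop. with_break == 0 reproduces the reported bug:
 * every non-empty slot is cleared, but only the last pointer survives in
 * rxdesc, so earlier frames can never be processed or freed. */
static void *take_one(int with_break)
{
    void *rxdesc = NULL;
    for (int i = 0; i < AP_QUEUE_LEN; i++) {
        if (ap_queued_items[i] != NULL) {
            rxdesc = ap_queued_items[i]; /* overwrites any earlier pick */
            ap_queued_items[i] = NULL;   /* slot is emptied either way */
            if (with_break)
                break;                   /* the fix: stop at the first item */
        }
    }
    return rxdesc;
}

/* Queue n constructed frames, then drain with repeated take_one() calls,
 * freeing each frame returned. Returns the number of frames processed. */
static int run_queue(int n_queued, int with_break)
{
    int processed = 0;
    void *frame;
    memset(ap_queued_items, 0, sizeof(ap_queued_items));
    live_allocs = 0;
    for (int i = 0; i < n_queued && i < AP_QUEUE_LEN; i++) {
        ap_queued_items[i] = malloc(64); /* constructed rx frame */
        live_allocs++;
    }
    while ((frame = take_one(with_break)) != NULL) {
        free(frame);
        live_allocs--;
        processed++;
    }
    return processed;
}

/* Frames still allocated after draining n_queued items (the leak). */
static int leaked_frames(int n_queued, int with_break)
{
    run_queue(n_queued, with_break);
    return live_allocs;
}
```

With five frames queued, the buggy loop processes one and leaks four; with the break in place all five are processed and nothing is left allocated.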


This archive was generated by hypermail 2.1.4.