NetBSD Problem Report #55424

From jruohone@gmail.com  Sat Jun 27 03:56:16 2020
Return-Path: <jruohone@gmail.com>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id DF72D1A9227
	for <gnats-bugs@gnats.NetBSD.org>; Sat, 27 Jun 2020 03:56:16 +0000 (UTC)
Message-Id: <20200627035612.3CB031AEC7F@kafka.localdomain>
Date: Sat, 27 Jun 2020 06:56:12 +0300 (EEST)
From: jruohonen@iki.fi
Sender: j ruohonen <jruohone@gmail.com>
Reply-To: jruohonen@iki.fi
To: gnats-bugs@NetBSD.org
Subject: urtwn(4) panics when setting (invalid) channel
X-Send-Pr-Version: 3.95

>Number:         55424
>Category:       kern
>Synopsis:       urtwn(4) panics when setting (invalid) channel
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jun 27 04:00:00 +0000 2020
>Last-Modified:  Sat Jun 27 05:10:04 +0000 2020
>Originator:     jruohonen@iki.fi
>Release:        NetBSD 9.99.68
>Organization:
>Environment:
System: NetBSD kafka 9.99.68 NetBSD 9.99.68 (CUSTOM) #0: Tue Jun 23 11:22:56 EEST 2020 jruoho@kafka:/tmp/obj/sys/arch/amd64/compile/CUSTOM amd64
Architecture: x86_64
Machine: amd64
>Description:
The urtwn(4) driver panics when setting an invalid channel (e.g., 14 for 11a). 
>How-To-Repeat:

# ifconfig urtwn1 up
# ifconfig urtwn1 mode 11a
# ifconfig urtwn1 chan 1

Trace (hand-copied):

[...]
stopped in pid 10540.10540 (ifconfig) at netbsd:breakpoint+0x5: leave
breakpoint() at netbsd:breakpoint+0x5
vpanic() t netbsd:vpanic+0x152
__x86_indirect_thunk_rax() at netbsd:__x86_indirect_trunk_rax
urtwn_set_chan.constprop.16() at netbsd:urtwn_set_chan.constprop.160x84f
urtwn_ioctl() at netbsd:urtwn_ioctl+0x132
doifioctl() at netbsd:doifioctl+0x92e
sys_ioctl() at netbsd:sys_ioctl+0x550
syscal() at netbsd:syscall+0x26e
[...]

>Fix:
Input validation?

>Audit-Trail:
From: "Jukka Ruohonen" <jruoho@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/55424 CVS commit: src
Date: Sat, 27 Jun 2020 05:07:08 +0000

 Module Name:	src
 Committed By:	jruoho
 Date:		Sat Jun 27 05:07:08 UTC 2020

 Modified Files:
 	src/distrib/sets/lists/tests: mi
 	src/tests/sbin/ifconfig: Makefile
 Added Files:
 	src/tests/sbin/ifconfig: t_woptions.sh

 Log Message:
 Add test cases for different 802.11 options. These include cases for
 PR kern/35045, PR kern/45745, and PR kern/55424.


 To generate a diff of this commit:
 cvs rdiff -u -r1.854 -r1.855 src/distrib/sets/lists/tests/mi
 cvs rdiff -u -r1.5 -r1.6 src/tests/sbin/ifconfig/Makefile
 cvs rdiff -u -r0 -r1.1 src/tests/sbin/ifconfig/t_woptions.sh

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.