Hello,

hostapd daemon crashed on parsing config file.
Reproduced on -current. Found with afl-fuzz.

# cat report-hostapd/tc11.min
set hostap interface e
set hostap interface i
# hostapd -f report-hostapd/tc11.min | less
report-hostapd/tc11.min:2: syntax error
failed to close: Bad file descriptor
failed to close: Bad file descriptor
failed to close: Bad file descriptor
...
failed to close: Bad file descriptor
failed to close: Bad file descriptor
Segmentation fault (core dumped)
# gdb -c hostapd.core /usr/sbin/hostapd
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-unknown-openbsd6.2"...(no debugging symbols found)

Core was generated by `hostapd'.
Program terminated with signal 11, Segmentation fault.
(no debugging symbols found)
Loaded symbols for /usr/sbin/hostapd
Reading symbols from /usr/lib/libevent.so.4.1...done.
Loaded symbols for /usr/lib/libevent.so.4.1
Reading symbols from /usr/lib/libc.so.92.0...done.
Loaded symbols for /usr/lib/libc.so.92.0
Reading symbols from /usr/libexec/ld.so...done.
Loaded symbols for /usr/libexec/ld.so
#0  __vfprintf (fp=0x7f7fff7cff80, fmt0=0x1fc84440dc92 "failed to close: %s\n", ap=0x7f7fff7d0140) at /usr/src/lib/libc/stdio/vfprintf.c:492
492                     while ((len = mbrtowc(&wc, fmt, MB_CUR_MAX, &ps)) != 0) {
(gdb) bt
#0  __vfprintf (fp=0x7f7fff7cff80, fmt0=0x1fc84440dc92 "failed to close: %s\n", ap=0x7f7fff7d0140) at /usr/src/lib/libc/stdio/vfprintf.c:492
#1  0x00001fcae9f81fdf in __vfprintf (fp=0x1fcaea1fe130, fmt0=0x1fc84440dc92 "failed to close: %s\n", ap=0x7f7fff7d0140)
    at /usr/src/lib/libc/stdio/vfprintf.c:140
#2  0x00001fcae9f81e72 in _libc_vfprintf (fp=0x1fcaea1fe130, fmt0=0x1fc84440dc92 "failed to close: %s\n", ap=0x7f7fff7d0140)
    at /usr/src/lib/libc/stdio/vfprintf.c:263
#3  0x00001fc844304d44 in hostapd_iapp_input () from /usr/sbin/hostapd
#4  0x00001fc844302b82 in ?? () from /usr/sbin/hostapd
#5  0x00001fc844304db5 in hostapd_iapp_input () from /usr/sbin/hostapd
#6  0x00001fc844304d58 in hostapd_iapp_input () from /usr/sbin/hostapd
#7  0x00001fc844302b82 in ?? () from /usr/sbin/hostapd
#8  0x00001fc844304db5 in hostapd_iapp_input () from /usr/sbin/hostapd
#9  0x00001fc844304d58 in hostapd_iapp_input () from /usr/sbin/hostapd

Sergey
