From: Jouni Malinen (jkmaline_at_cc.hut.fi)
Date: 2002-08-24 14:29:02 UTC
On Tue, Aug 20, 2002 at 07:05:45PM +1000, wayne wrote:
> Only occurs when WEP is enabled and after a couple of minutes of normal web
> browsing. Oops output appears to be exactly the same as my previous post.
> Also, still can't get WEP to work using a Windows client unless in Ad-hoc
> mode and WEP handled by firmware.
OK, I was finally able to reproduce this. The encryption code had quite bad bug in calling the encrypt routine. The length of the packet was given with the extra space needed for IV and ICV. However, this should have included only the payload before encryption. As the end result, the encrypt routine happily overwrote the allocated buffer with 8 bytes. This might go unnoticed in some cases (i.e., did not crash anything in my first tests), but it is certainly something that should not be done.
The fix is in the CVS. Please report whether this fixes the problems. In addition, I'm finally trying to get the next release out (assuming this fix removes most common problems at least on uniprocessor settings). So any other problem reports would also be welcome. I'll do some flood testing on SMP setup before the release since some crashes have been reported and I'm not sure whether all cases have been fixed.
-- Jouni Malinen PGP id EFC895FA