Call to ioctl() results in errno indicating "Bad address"

Question

I'm getting the following error:

wlan_config_vap_priv_int vap lan0 cmd cpauth val 0(0) error: Bad address

Which is from the print in wlan_config_vap_priv_int. Does anyone know what might be causing the "Bad address" error?

From why does ioctl return "bad address" I suspect the culprit may be the ioctl call, but I don't see why.

int wlan_config_vap_priv(char *vap, char *cmd, char * val) {
    int fd, ret;
    struct ifreq ifr;
    param_t fp;

    strncpy(ifr.ifr_name, vap, IFNAMSIZ);
    strncpy(fp.cmd, cmd, sizeof(fp.cmd));
    strncpy(fp.val, val, sizeof(fp.val));
    ifr.ifr_data = (void *) &fp;
    printf("%s:%d: config vap %s priv %s=%s\n", __func__, __LINE__, vap, cmd, val);
    if((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
        perror("socket");
        return -1;
    }
    ret = ioctl(fd, SIOCSPARAM, &ifr);
    close(fd);
    return (ret);
}

int wlan_config_vap_priv_int(uint8_t rId, char *vap, char *cmd, int val) {

    char buf[32];
    int ret;

    snprintf(buf, sizeof(buf), "%d", val);
    ret = wlan_config_vap_priv(vap, cmd, buf);
    if (ret < 0) {
        CW_LOG_ERR("%s vap %s cmd %s val %s(%d) error: %s\n",
                    __FUNCTION__, vap, cmd, buf, val, strerror(errno));
    }
    return ret;
}

What is `SIOCSPARAM` ? Does the call fail on `ioctl` or on `socket`? The line it's just CW_LOG_ERR function printin it. EFAULT is a strange errno to get, did you clear errno before calling `wlan_config_vap_priv`? — KamilCuk, Sep 19 '18 at 18:16
Using `strncpy(str, str2, sizeof(str))` is bad practice, in case `strlen(str2) == sizeof(str)` string will be not null terminated. Use `strscpy`. — KamilCuk, Sep 19 '18 at 18:19
I can't find any mention of `SIOCSPARAM`, either on Google, in man pages, in the Linux kernel source, or in C headers ... — o11c, Sep 19 '18 at 18:20
I implemented SIOCSPARAM myself, so it's not a standard ioctl. @o11c — Jobs, Sep 19 '18 at 18:22
I say you shouldn't expect a null terminated string after using `strncpy` function, no matter what you use with it. If you expect strings to be null terminated, use `strscpy`. Forget about `strncpy`. Does the negative value returned by `wlan_config_vap_priv` is returned by ioctl call or by socket call? "How" did you implemented ioctl call? How is SIOCSPARAM defined? What kind of system/environment is this? — KamilCuk, Sep 19 '18 at 18:27
"I implemented SIOCSPARAM myself". Only you can tell why your ioctl returns an error then. — n. m. could be an AI, Sep 19 '18 at 18:42
Please include your kernel part for `SIOCSPARAM`. Otherwise this question does not provide enough information. — milaniez, Sep 19 '18 at 18:57
@KamilCuk `strscpy` is for Kernel. This seems like user-space code. — milaniez, Sep 19 '18 at 19:32
`strscpy` is not a standard C library function. It's probably better to just learn how to use `strncpy` the right way. — Christian Gibbons, Sep 19 '18 at 19:54
Two functions with no information on what you pass to them, what your environment and hardware are, what your custom parts are, etc. - do not a question make. There is no point in speculating from such incomplete data. — underscore_d, Sep 19 '18 at 19:57

milaniez · Answer 1 · 2018-09-19T19:30:39.690

Your information is incomplete because you do not have the Kernel part for SIOCSPARAM.

However according to http://man7.org/linux/man-pages/man2/ioctl.2.html, this error happens when argp references an inaccessible memory area

EFAULT argp references an inaccessible memory area.

Your source strings do not have size attached to them. Using strncpy on this string is unsafe and could be the culprit. You can try using something like snprintf.

Call to ioctl() results in errno indicating "Bad address"

1 Answers1