#12757 NORM Future : XO-1 wireless scan results truncated by nearby mesh nodes

Tue Feb 11 00:20:06 EST 2014

#12757: XO-1 wireless scan results truncated by nearby mesh nodes
           Reporter:  Quozl   |       Owner:                          
               Type:  defect  |      Status:  new                     
           Priority:  normal  |   Milestone:  Future Release          
          Component:  kernel  |     Version:  Software Build 13.2.0-13
         Resolution:          |    Keywords:                          
        Next_action:  review  |    Verified:  0                       
Deployment_affected:          |   Blockedby:                          
           Blocking:          |  
Changes (by Quozl):

  * next_action:  diagnose => review


 A test was run with LBS_DEB_SCAN enabled, with two TP-Link WR703N access
 points.  Two nearby XO-1s were configured with mesh active.

 Scans were run repeatedly until a truncated scan result set was detected,
 without the first access point.


 LBS_DEB_HEX was enabled, and another truncated scan result set captured,
 again without the first access point.


 scan response: invalid IE fmt

 When the scan results contained a probe response from a laptop that has
 mesh enabled, the SSID IE is zero length, and this caused further
 processing of the scan results to stop, even though there were valid
 results from access points in the buffer ''after'' the mesh probe

 This is a bug in the driver, and has been present from day zero.

 It is a denial of service security vulnerability, because it makes it
 possible to hide an AP from the laptop by transmitting a probe response
 with a zero length SSID IE.

 Fixed in http://dev.laptop.org/git/olpc-
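
 The failure mode described in this ticket, as an added example (not the driver's code and not the referenced fix): a scan-buffer parser that either aborts at a zero-length SSID IE or drops only that record and keeps going. The record layout, function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed layout (assumption, not the firmware's real format):
 * each BSS record is [1-byte record length][IEs: id, len, data ...]. */
#define IE_SSID 0 /* 802.11 element ID of the SSID IE */
static const uint8_t sample_scan[] = {   /* constructed sample */
    5, IE_SSID, 3, 'a', 'p', '2',        /* access point "ap2" */
    2, IE_SSID, 0,                       /* mesh node: zero-length SSID */
    5, IE_SSID, 3, 'a', 'p', '1',        /* access point "ap1" */
};

/* 0: usable SSID; 1: empty or absent SSID; -1: malformed IEs. */
static int check_record(const uint8_t *ies, size_t len)
{
    size_t off = 0;
    int have_ssid = 0;
    while (off + 2 <= len) {
        uint8_t id = ies[off], ie_len = ies[off + 1];
        if (ie_len > len - off - 2)
            return -1;                   /* IE overruns its record */
        if (id == IE_SSID && ie_len == 0)
            return 1;                    /* the case from the ticket */
        have_ssid |= (id == IE_SSID);
        off += 2 + (size_t)ie_len;
    }
    return off != len ? -1 : !have_ssid; /* stray trailing byte is malformed */
}

/* Count accepted records. abort_on_empty_ssid=1 models the reported
 * behaviour; 0 drops only the offending record and keeps parsing. */
int count_bss(const uint8_t *buf, size_t len, int abort_on_empty_ssid)
{
    size_t off = 0;
    int accepted = 0;
    while (off < len) {
        size_t rec_len = buf[off++];
        if (rec_len > len - off)
            break;                       /* framing lost: cannot resync */
        int r = check_record(buf + off, rec_len);
        if (r == 0)
            accepted++;
        else if (r == 1 && abort_on_empty_ssid)
            break;                       /* records after this one are lost */
        off += rec_len;                  /* otherwise skip to the next record */
    }
    return accepted;
}
```

 The parser stops outright only when the record framing itself is broken; a bad or empty IE inside a well-framed record costs that one record.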

