39 lines
1.3 KiB
Diff
39 lines
1.3 KiB
Diff
From 24fd20438f00a6f1bdeb6f23358ef60c2696b488 Mon Sep 17 00:00:00 2001
|
|
From: "Chen, Yi" <yichen@qti.qualcomm.com>
|
|
Date: Wed, 2 Sep 2015 21:25:01 +0530
|
|
Subject: WPS: Fix num_probereq_cb clearing on DISABLE to avoid segfault
|
|
|
|
Reset hapd->num_probereq_cb to 0 on an interface deinit to avoid
|
|
unexpected behavior if the same interface is enabled again without fully
|
|
freeing the data structures. hostapd_register_probereq_cb() increments
|
|
hapd->num_probereq_cb by one and leaves all old values unchanged. In
|
|
this deinit+init case, that would result in the first entry in the list
|
|
having an uninitialized pointer and the next Probe Request frame
|
|
processing would likely cause the process to terminate on segmentation
|
|
fault.
|
|
|
|
This issue could be hit when hostapd was used with WPS enabled (non-zero
|
|
wps_state configuration parameter) and control interface command DISABLE
|
|
and ENABLE were used.
|
|
|
|
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
|
|
---
|
|
src/ap/hostapd.c | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
|
|
index e4d7bfc..c09c17a 100644
|
|
--- a/src/ap/hostapd.c
|
|
+++ b/src/ap/hostapd.c
|
|
@@ -261,6 +261,7 @@ static void hostapd_free_hapd_data(struct hostapd_data *hapd)
|
|
{
|
|
os_free(hapd->probereq_cb);
|
|
hapd->probereq_cb = NULL;
|
|
+ hapd->num_probereq_cb = 0;
|
|
|
|
#ifdef CONFIG_P2P
|
|
wpabuf_free(hapd->p2p_beacon_ie);
|
|
--
|
|
cgit v0.12
|
|
|