From 4fada1215d13a4bff171d0348fc106cefa215082 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 7 Feb 2015 13:02:19 +0200 Subject: [PATCH] Fix HT40 co-ex scanning issue on hostapd error path If HT40 co-ex scan fails due to the driver rejecting scan triggers multiple times, it was possible for the ap_ht40_scan_retry() timeout being left behind and it getting run after hapd->drv_priv has been cleared. This would result in NULL pointer dereference in driver_nl80211_scan.c. Fix this by canceling the timeout when disabling the interface. Signed-off-by: Jouni Malinen --- src/ap/hostapd.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c index b641503c7..61614dc3d 100644 --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c @@ -357,6 +357,11 @@ static void hostapd_cleanup(struct hostapd_data *hapd) static void hostapd_cleanup_iface_partial(struct hostapd_iface *iface) { wpa_printf(MSG_DEBUG, "%s(%p)", __func__, iface); +#ifdef CONFIG_IEEE80211N +#ifdef NEED_AP_MLME + hostapd_stop_setup_timers(iface); +#endif /* NEED_AP_MLME */ +#endif /* CONFIG_IEEE80211N */ hostapd_free_hw_features(iface->hw_features, iface->num_hw_features); iface->hw_features = NULL; os_free(iface->current_rates);