jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Clean up hostapd add_iface error path operations

Browse source 
If hapd_iface->bss[i] == NULL, this could have resulted in NULL pointer
dereference in the debug print. Avoid this by skipping the message in
case of NULL pointer. In addition, clear iface->bss[i] to NULL for
additional robustness even though this array gets freed immediately.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-03-02 15:29:26 +02:00
parent 67adcd266c
commit 7b6e81575f
1 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/ap/hostapd.c
View file

@ -1877,14 +1877,17 @@ fail:
if (hapd_iface->bss) { if (hapd_iface->bss) {
for (i = 0; i < hapd_iface->num_bss; i++) { for (i = 0; i < hapd_iface->num_bss; i++) {
hapd = hapd_iface->bss[i]; hapd = hapd_iface->bss[i];
if (hapd && hapd_iface->interfaces && if (!hapd)
continue;
if (hapd_iface->interfaces &&
hapd_iface->interfaces->ctrl_iface_deinit) hapd_iface->interfaces->ctrl_iface_deinit)
hapd_iface->interfaces-> hapd_iface->interfaces->
ctrl_iface_deinit(hapd); ctrl_iface_deinit(hapd);
wpa_printf(MSG_DEBUG, "%s: free hapd %p (%s)", wpa_printf(MSG_DEBUG, "%s: free hapd %p (%s)",
__func__, hapd_iface->bss[i], __func__, hapd_iface->bss[i],
hapd_iface->bss[i]->conf->iface); hapd->conf->iface);
os_free(hapd_iface->bss[i]); os_free(hapd);
hapd_iface->bss[i] = NULL;
} }
os_free(hapd_iface->bss); os_free(hapd_iface->bss);
} }