From 95471fc3e88fccdaaabc96227742a619d320c621 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 13 May 2020 17:36:40 +0300 Subject: [PATCH] Handle hostapd_for_each_interface() at the process termination Clean struct hapd_interfaces pointers and interface count during deinitialization at the end of theh ostapd process termination so that a call to hostapd_for_each_interface() after this does not end up dereferencing freed memory. Such cases do not exist before this commit, but can be added after this, e.g., for DPP needs. Signed-off-by: Jouni Malinen --- hostapd/main.c | 3 +++ src/ap/hostapd.c | 2 ++ 2 files changed, 5 insertions(+) diff --git a/hostapd/main.c b/hostapd/main.c index 6a69412d0..09261d6be 100644 --- a/hostapd/main.c +++ b/hostapd/main.c @@ -903,8 +903,11 @@ int main(int argc, char *argv[]) !!(interfaces.iface[i]->drv_flags & WPA_DRIVER_FLAGS_AP_TEARDOWN_SUPPORT); hostapd_interface_deinit_free(interfaces.iface[i]); + interfaces.iface[i] = NULL; } os_free(interfaces.iface); + interfaces.iface = NULL; + interfaces.count = 0; #ifdef CONFIG_DPP dpp_global_deinit(interfaces.dpp); diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c index 5515ab34d..79ad38c40 100644 --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c @@ -76,6 +76,8 @@ int hostapd_for_each_interface(struct hapd_interfaces *interfaces, int ret; for (i = 0; i < interfaces->count; i++) { + if (!interfaces->iface[i]) + continue; ret = cb(interfaces->iface[i], ctx); if (ret) return ret;