Clear hostapd bss entry to NULL on add-interface-failure
It looks like leaving behind the freed pointed at the end of the array could end up in a crash triggered by double free in some cases. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
0052ce499a
commit
b908c50a81
1 changed files with 1 additions and 0 deletions
|
|
@ -1807,6 +1807,7 @@ int hostapd_add_iface(struct hapd_interfaces *interfaces, char *buf)
|
||||||
if (start_ctrl_iface_bss(hapd) < 0 ||
|
if (start_ctrl_iface_bss(hapd) < 0 ||
|
||||||
(hapd_iface->state == HAPD_IFACE_ENABLED &&
|
(hapd_iface->state == HAPD_IFACE_ENABLED &&
|
||||||
hostapd_setup_bss(hapd, -1))) {
|
hostapd_setup_bss(hapd, -1))) {
|
||||||
|
hapd_iface->bss[hapd_iface->num_bss - 1] = NULL;
|
||||||
hapd_iface->conf->num_bss--;
|
hapd_iface->conf->num_bss--;
|
||||||
hapd_iface->num_bss--;
|
hapd_iface->num_bss--;
|
||||||
wpa_printf(MSG_DEBUG, "%s: free hapd %p %s",
|
wpa_printf(MSG_DEBUG, "%s: free hapd %p %s",
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue