From c3805fb62318741debf55ecb1a6ce9e4e60ae38d Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Fri, 26 Apr 2019 16:24:31 +0300 Subject: [PATCH] Ignore channel switch event if AP interface is not yet ready It is apparently possible to somehow trigger the driver to report a channel switch event during ACS operation when the interface information is not yet complete. hapd->iface->current_mode could be NULL in that case and that would result in process termination due to NULL pointer dereference. It should not really be possible to trigger a channel switch during ACS is running (i.e., before the AP mode operation has been started), but since that has been seen in an arbitrary test sequence with interface start/stop operations with various parameters (both valid and invalid), better prevent a crash here by ignoring the unexpected event instead of trying to process it. Signed-off-by: Jouni Malinen --- src/ap/drv_callbacks.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c index 58753e55a..6a40b8f98 100644 --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c @@ -789,6 +789,13 @@ void hostapd_event_ch_switch(struct hostapd_data *hapd, int freq, int ht, freq, ht, hapd->iconf->ch_switch_vht_config, offset, width, channel_width_to_string(width), cf1, cf2); + if (!hapd->iface->current_mode) { + hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_WARNING, + "ignore channel switch since the interface is not yet ready"); + return; + } + hapd->iface->freq = freq; channel = hostapd_hw_get_channel(hapd, freq);
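Review bot: the early return added in hostapd_event_ch_switch() tests only hapd->iface->current_mode, while the commit message explains that the real condition is ACS still running before AP mode has started; a short comment above the check would record why a NULL current_mode is a safe proxy for that state, e.g. `/* current_mode is not set until ACS completes and AP mode starts; a channel switch reported before that cannot be processed, so ignore it */`. The placement is good: the preceding logger call has already printed freq, offset, width, cf1 and cf2 for the event, so the warning "ignore channel switch since the interface is not yet ready" lands in the log right after the parameters of the ignored switch, which is what someone investigating the unexpected driver behaviour will want, and the return happens before hapd->iface->freq is overwritten and before hostapd_hw_get_channel() is called, so no state is touched for the dropped event. Consider HOSTAPD_LEVEL_INFO instead of HOSTAPD_LEVEL_WARNING only if this turns out to be reachable in normal interface start/stop sequences rather than the arbitrary test sequence described in the message.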