From ded22b5390cba3dcb28ef590acba203fd0117d70 Mon Sep 17 00:00:00 2001 From: Helmut Schaa Date: Mon, 14 Oct 2013 20:44:31 +0300 Subject: [PATCH] hostapd: Fix segfault after ACS when flushing STAs When hostapd receives an auth frame during ACS the transmission of the according auth response will always fail: ACS: Automatic channel selection started, this may take a bit [..] send_auth_reply: send: Resource temporarily unavailable [..] However, a station info entry was created. Once ACS is finished it will flush all stations even though hapd was not yet fully initialized. This results in a segfault when trying to access hapd->radius: 0 0x0042c1c0 in radius_client_flush_auth () 1 0x00416a94 in ap_free_sta () 2 0x00416cc0 in hostapd_free_stas () 3 0x0040bce8 in hostapd_flush_old_stations () 4 0x0040c790 in hostapd_setup_interface_complete () 5 0x0046347c in acs_scan_complete () 6 0x0040f834 in hostapd_wpa_event () 7 0x0043af08 in send_scan_event.part.46 () 8 0x00443a64 in send_scan_event () 9 0x00443c24 in do_process_drv_event () 10 0x004449e8 in process_global_event () 11 0x7767d7d0 in ?? () Fix this by not presuming anything about the initialization state of hapd and checking ->radius before accessing. Signed-off-hostapd: Helmut Schaa --- src/ap/sta_info.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c index 6704c09c0..016b9b6ac 100644 --- a/src/ap/sta_info.c +++ b/src/ap/sta_info.c @@ -232,7 +232,8 @@ void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta) wpa_auth_sta_deinit(sta->wpa_sm); rsn_preauth_free_station(hapd, sta); #ifndef CONFIG_NO_RADIUS - radius_client_flush_auth(hapd->radius, sta->addr); + if (hapd->radius) + radius_client_flush_auth(hapd->radius, sta->addr); #endif /* CONFIG_NO_RADIUS */ os_free(sta->last_assoc_req);
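Review bot: The `if (hapd->radius)` guard added in ap_free_sta() covers only this one call site, while the commit message gives the underlying condition as a STA entry being created during ACS, before hapd is fully initialized. The neighbouring calls in the same hunk, `wpa_auth_sta_deinit(sta->wpa_sm)` and `rsn_preauth_free_station(hapd, sta)`, run on the same partially initialized hapd, so it is worth confirming that each of them tolerates that state. Consider moving the NULL check into radius_client_flush_auth() itself, so that every caller is protected, and consider whether auth frames that arrive while ACS is still running should be dropped before a sta_info entry is allocated at all. A short comment above the guard explaining that hapd->radius can still be NULL when stations are flushed at the end of ACS would keep the check from being removed later as redundant. The trailer reads `Signed-off-hostapd:` where `Signed-off-by:` is expected.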