aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorChen, Yi <yichen@qti.qualcomm.com>2015-09-02 15:55:01 (GMT)
committerJouni Malinen <j@w1.fi>2015-09-07 17:51:58 (GMT)
commit24fd20438f00a6f1bdeb6f23358ef60c2696b488 (patch)
treea0ffd51d30dd6c6d807b37f094f3354fabc3e471 /src
parentae3eacf7717f0553c9434b920a799a1d61886b22 (diff)
downloadhostap-24fd20438f00a6f1bdeb6f23358ef60c2696b488.zip
hostap-24fd20438f00a6f1bdeb6f23358ef60c2696b488.tar.gz
hostap-24fd20438f00a6f1bdeb6f23358ef60c2696b488.tar.bz2
WPS: Fix num_probereq_cb clearing on DISABLE to avoid segfault
Reset hapd->num_probereq_cb to 0 on an interface deinit to avoid unexpected behavior if the same interface is enabled again without fully freeing the data structures. hostapd_register_probereq_cb() increments hapd->num_probereq_cb by one and leaves all old values unchanged. In this deinit+init case, that would result in the first entry in the list having an uninitialized pointer and the next Probe Request frame processing would likely cause the process to terminate on segmentation fault. This issue could be hit when hostapd was used with WPS enabled (non-zero wps_state configuration parameter) and control interface command DISABLE and ENABLE were used. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'src')
-rw-r--r--src/ap/hostapd.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index e4d7bfc..c09c17a 100644
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -261,6 +261,7 @@ static void hostapd_free_hapd_data(struct hostapd_data *hapd)
{
os_free(hapd->probereq_cb);
hapd->probereq_cb = NULL;
+ hapd->num_probereq_cb = 0;
#ifdef CONFIG_P2P
wpabuf_free(hapd->p2p_beacon_ie);