wpa_supplicant: Fix seg fault in wpas_ctrl_radio_work_flush() in error case

Verify wpa_s->radio pointer before accessing it. If interface addition
fails, this could get called before wpa_s->radio has been set.

The segmentation fault details:

Program received signal SIGSEGV, Segmentation fault.
0x00000000004b9591 in wpas_ctrl_radio_work_flush (wpa_s=0x77fff0) at ctrl_iface.c:5754
5754		dl_list_for_each_safe(work, tmp, &wpa_s->radio->work,

Call stack:
0  wpas_ctrl_radio_work_flush (wpa_s=0x77fff0) at ctrl_iface.c:5754
1  wpa_supplicant_deinit_iface (wpa_s=0x77fff0, notify=0, terminate=0) at wpa_supplicant.c:3619
2  wpa_supplicant_add_iface (global=0x75db10, iface=0x7fffffffe270) at wpa_supplicant.c:3691
3  wpas_p2p_add_p2pdev_interface (wpa_s=0x75dd20) at p2p_supplicant.c:3700
4  main (argc=<optimized out>, argv=<optimized out>) at main.c:317

Function:
5750	void wpas_ctrl_radio_work_flush(struct wpa_supplicant *wpa_s)
5751	{
5752		struct wpa_radio_work *work, *tmp;
5753
5754		dl_list_for_each_safe(work, tmp, &wpa_s->radio->work,
5755				      struct wpa_radio_work, list) {
5756			struct wpa_external_work *ework;
5757
5758			if (os_strncmp(work->type, "ext:", 4) != 0)

Root cause:
(gdb) p wpa_s->radio
$1 = (struct wpa_radio *) 0x0

Signed-hostap: Max Stepanov <Max.Stepanov@intel.com>

1 files changed, 3 insertions, 0 deletions

diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index f7ee6e3..ec79de3 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -5477,6 +5477,9 @@ void wpas_ctrl_radio_work_flush(struct wpa_supplicant *wpa_s)
 {
 	struct wpa_radio_work *work, *tmp;
 
+	if (!wpa_s || !wpa_s->radio)
+		return;
+
 	dl_list_for_each_safe(work, tmp, &wpa_s->radio->work,
 			      struct wpa_radio_work, list) {
 		struct wpa_external_work *ework;