aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2016-09-21 21:31:00 (GMT)
committerJouni Malinen <j@w1.fi>2016-09-21 21:45:24 (GMT)
commit5e993390f6ce34b169bf37becb2e5561262ec68f (patch)
tree45ccc2df089431bc60d410bcc5bf3e36a8bbd840
parent4424aa5d7d1a1624b2a2e0241430da7ee3e80a54 (diff)
downloadhostap-5e993390f6ce34b169bf37becb2e5561262ec68f.zip
hostap-5e993390f6ce34b169bf37becb2e5561262ec68f.tar.gz
hostap-5e993390f6ce34b169bf37becb2e5561262ec68f.tar.bz2
Initialize iface->sta_seen on allocation
Previously, struct hostapd_iface sta_seen list head was initialized only when completing interface setup. This left a window for operation that could potentially iterate through the list before the list head has been initialized. While the existing code checked iface->num_sta_seen to avoid this case, it is much cleaner to initialize the list when struct hostapd_iface is allocated to avoid any accidental missing of the extra checks before list iteration. Signed-off-by: Jouni Malinen <j@w1.fi>
-rw-r--r--src/ap/hostapd.c19
-rw-r--r--src/ap/hostapd.h1
-rw-r--r--wpa_supplicant/ap.c2
3 files changed, 18 insertions, 4 deletions
diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index a09d423..5e83fbc 100644
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -1777,7 +1777,6 @@ static int hostapd_setup_interface_complete_sync(struct hostapd_iface *iface,
hostapd_tx_queue_params(iface);
ap_list_init(iface);
- dl_list_init(&iface->sta_seen);
hostapd_set_acl(hapd);
@@ -2068,6 +2067,20 @@ void hostapd_interface_free(struct hostapd_iface *iface)
}
+struct hostapd_iface * hostapd_alloc_iface(void)
+{
+ struct hostapd_iface *hapd_iface;
+
+ hapd_iface = os_zalloc(sizeof(*hapd_iface));
+ if (!hapd_iface)
+ return NULL;
+
+ dl_list_init(&hapd_iface->sta_seen);
+
+ return hapd_iface;
+}
+
+
/**
* hostapd_init - Allocate and initialize per-interface data
* @config_file: Path to the configuration file
@@ -2085,7 +2098,7 @@ struct hostapd_iface * hostapd_init(struct hapd_interfaces *interfaces,
struct hostapd_data *hapd;
size_t i;
- hapd_iface = os_zalloc(sizeof(*hapd_iface));
+ hapd_iface = hostapd_alloc_iface();
if (hapd_iface == NULL)
goto fail;
@@ -2421,7 +2434,7 @@ hostapd_iface_alloc(struct hapd_interfaces *interfaces)
return NULL;
interfaces->iface = iface;
hapd_iface = interfaces->iface[interfaces->count] =
- os_zalloc(sizeof(*hapd_iface));
+ hostapd_alloc_iface();
if (hapd_iface == NULL) {
wpa_printf(MSG_ERROR, "%s: Failed to allocate memory for "
"the interface", __func__);
diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h
index 195679e..f58c965 100644
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -471,6 +471,7 @@ int hostapd_setup_interface(struct hostapd_iface *iface);
int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err);
void hostapd_interface_deinit(struct hostapd_iface *iface);
void hostapd_interface_free(struct hostapd_iface *iface);
+struct hostapd_iface * hostapd_alloc_iface(void);
struct hostapd_iface * hostapd_init(struct hapd_interfaces *interfaces,
const char *config_file);
struct hostapd_iface *
diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index 356784a..5afb772 100644
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -675,7 +675,7 @@ int wpa_supplicant_create_ap(struct wpa_supplicant *wpa_s,
return -1;
}
- wpa_s->ap_iface = hapd_iface = os_zalloc(sizeof(*wpa_s->ap_iface));
+ wpa_s->ap_iface = hapd_iface = hostapd_alloc_iface();
if (hapd_iface == NULL)
return -1;
hapd_iface->owner = wpa_s;