UBSan: Avoid NULL pointer dereferences on an error path

hapd->conf might be NULL in case initialized failed, so better be
prepared for that when debug printing interface name in the deinit path.

hostapd.c:312:54: runtime error: member access within null pointer of type 'struct hostapd_bss_config'
hostapd.c:351:29: runtime error: member access within null pointer of type 'struct hostapd_bss_config'
hostapd.c:2158:18: runtime error: member access within null pointer of type 'struct hostapd_bss_config'

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index acab89edb73b9a69d061ea1df8c8884f3f7a0f5f..16c030f36ab2ea306343a6e24c91b0b4818c9084 100644 (file)
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -348,7 +348,7 @@ static void hostapd_free_hapd_data(struct hostapd_data *hapd)
 
        if (!hapd->started) {
                wpa_printf(MSG_ERROR, "%s: Interface %s wasn't started",
-                          __func__, hapd->conf->iface);
+                          __func__, hapd->conf ? hapd->conf->iface : "N/A");
                return;
        }
        hapd->started = 0;
@@ -431,7 +431,7 @@ static void hostapd_free_hapd_data(struct hostapd_data *hapd)
 static void hostapd_cleanup(struct hostapd_data *hapd)
 {
        wpa_printf(MSG_DEBUG, "%s(hapd=%p (%s))", __func__, hapd,
-                  hapd->conf->iface);
+                  hapd->conf ? hapd->conf->iface : "N/A");
        if (hapd->iface->interfaces &&
            hapd->iface->interfaces->ctrl_iface_deinit) {
                wpa_msg(hapd->msg_ctx, MSG_INFO, WPA_EVENT_TERMINATING);
@@ -506,7 +506,7 @@ static void hostapd_cleanup_iface(struct hostapd_iface *iface)
 
 static void hostapd_clear_wep(struct hostapd_data *hapd)
 {
-       if (hapd->drv_priv && !hapd->iface->driver_ap_teardown) {
+       if (hapd->drv_priv && !hapd->iface->driver_ap_teardown && hapd->conf) {
                hostapd_set_privacy(hapd, 0);
                hostapd_broadcast_wep_clear(hapd);
        }
@@ -2155,7 +2155,7 @@ static void hostapd_bss_deinit(struct hostapd_data *hapd)
        if (!hapd)
                return;
        wpa_printf(MSG_DEBUG, "%s: deinit bss %s", __func__,
-                  hapd->conf->iface);
+                  hapd->conf ? hapd->conf->iface : "N/A");
        hostapd_bss_deinit_no_free(hapd);
        wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED);
        hostapd_cleanup(hapd);