nl80211: Initialize full channel info struct even if channel is not known

It was possible for the driver to advertise support for channels that
are not found from wpa_supplicant frequency-to-channel mapping (e.g.,
channel 182 at 5910 MHz) and that resulted in not initializing the
channel number information. Fix this by explicitly clearing the full
struct hostapd_channel_data buffer before parsing the information into
it from the driver.

This avoids some conditional jumps that could have dependent on
uninitialized values.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
index d8630bb4a8e83ec91f64ee0946aa257cbce89281..9a82cd1e52415bb554585fc49aae896b55a24517 100644 (file)
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -1365,12 +1365,18 @@ static void phy_info_freq(struct hostapd_hw_modes *mode,
                          struct nlattr *tb_freq[])
 {
        u8 channel;
+
+       os_memset(chan, 0, sizeof(*chan));
        chan->freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
        chan->flag = 0;
        chan->allowed_bw = ~0;
        chan->dfs_cac_ms = 0;
        if (ieee80211_freq_to_chan(chan->freq, &channel) != NUM_HOSTAPD_MODES)
                chan->chan = channel;
+       else
+               wpa_printf(MSG_DEBUG,
+                          "nl80211: No channel number found for frequency %u MHz",
+                          chan->freq);
 
        if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
                chan->flag |= HOSTAPD_CHAN_DISABLED;