Initialize iface->sta_seen on allocation

Previously, struct hostapd_iface sta_seen list head was initialized only
when completing interface setup. This left a window for operation that
could potentially iterate through the list before the list head has been
initialized. While the existing code checked iface->num_sta_seen to
avoid this case, it is much cleaner to initialize the list when struct
hostapd_iface is allocated to avoid any accidental missing of the extra
checks before list iteration.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index a09d4232a715cc0ec4aff5d1f0db3164c171f977..5e83fbc441ce5bbe8432df518a1710fb8a39475a 100644 (file)
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -1777,7 +1777,6 @@ static int hostapd_setup_interface_complete_sync(struct hostapd_iface *iface,
        hostapd_tx_queue_params(iface);
 
        ap_list_init(iface);
-       dl_list_init(&iface->sta_seen);
 
        hostapd_set_acl(hapd);
 
@@ -2068,6 +2067,20 @@ void hostapd_interface_free(struct hostapd_iface *iface)
 }
 
 
+struct hostapd_iface * hostapd_alloc_iface(void)
+{
+       struct hostapd_iface *hapd_iface;
+
+       hapd_iface = os_zalloc(sizeof(*hapd_iface));
+       if (!hapd_iface)
+               return NULL;
+
+       dl_list_init(&hapd_iface->sta_seen);
+
+       return hapd_iface;
+}
+
+
 /**
  * hostapd_init - Allocate and initialize per-interface data
  * @config_file: Path to the configuration file
@@ -2085,7 +2098,7 @@ struct hostapd_iface * hostapd_init(struct hapd_interfaces *interfaces,
        struct hostapd_data *hapd;
        size_t i;
 
-       hapd_iface = os_zalloc(sizeof(*hapd_iface));
+       hapd_iface = hostapd_alloc_iface();
        if (hapd_iface == NULL)
                goto fail;
 
@@ -2421,7 +2434,7 @@ hostapd_iface_alloc(struct hapd_interfaces *interfaces)
                return NULL;
        interfaces->iface = iface;
        hapd_iface = interfaces->iface[interfaces->count] =
-               os_zalloc(sizeof(*hapd_iface));
+               hostapd_alloc_iface();
        if (hapd_iface == NULL) {
                wpa_printf(MSG_ERROR, "%s: Failed to allocate memory for "
                           "the interface", __func__);

diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h
index 195679e5353e834dcc324d11cb3bca383f81c43d..f58c965f5efe6075c2beae31c1d6a18eb36a4a1a 100644 (file)
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -471,6 +471,7 @@ int hostapd_setup_interface(struct hostapd_iface *iface);
 int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err);
 void hostapd_interface_deinit(struct hostapd_iface *iface);
 void hostapd_interface_free(struct hostapd_iface *iface);
+struct hostapd_iface * hostapd_alloc_iface(void);
 struct hostapd_iface * hostapd_init(struct hapd_interfaces *interfaces,
                                    const char *config_file);
 struct hostapd_iface *

diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index 356784ab9e62c813afdc86208e48291498e830e6..5afb772ba192e087c66910ef875556f7e01019d8 100644 (file)
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -675,7 +675,7 @@ int wpa_supplicant_create_ap(struct wpa_supplicant *wpa_s,
                return -1;
        }
 
-       wpa_s->ap_iface = hapd_iface = os_zalloc(sizeof(*wpa_s->ap_iface));
+       wpa_s->ap_iface = hapd_iface = hostapd_alloc_iface();
        if (hapd_iface == NULL)
                return -1;
        hapd_iface->owner = wpa_s;