Fix use after free with hapd->time_adv on interface restart

When an interface is disabled, e.g. due to radar detected,
hapd->time_adv is freed by hostapd_free_hapd_data(), but later
used by ieee802_11_build_ap_params() calling hostapd_eid_time_adv().

Thus hapd->time_adv needs to be cleared as well.

Fixes: 39b97072b2a4 ("Add support for Time Advertisement")
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>

diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index 2f3e7878f6fcddfcd92383c616ab0bd6d219d801..f06647c953d4b4bd48cb21b98fc6c0f85ff14ecd 100644 (file)
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -414,6 +414,7 @@ void hostapd_free_hapd_data(struct hostapd_data *hapd)
        }
 
        wpabuf_free(hapd->time_adv);
+       hapd->time_adv = NULL;
 
 #ifdef CONFIG_INTERWORKING
        gas_serv_deinit(hapd);