Fix hostapd segfault on beacon hint event

Commit 795baf773f6d53bae3cfae4df6edda63e5022344 ('hostapd: Filter
channel list updated events after country code change') uses the
EVENT_CHANNEL_LIST_CHANGED data pointer, but it updated only one of the
callers to provide that data. NL80211_CMD_REG_BEACON_HINT event was
still sending the event without the initiator data and resulted in NULL
pointer dereference, e.g., if a scan was run while hostapd was running
and the driver was in world roaming state and enabled a channel for
active scans.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index 2f4536ee619080483321bbef06534df28c70aa45..7ad857616c805b8d0e03f1c7f1397f6e72e31926 100644 (file)
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -47,6 +47,7 @@ enum reg_change_initiator {
        REGDOM_SET_BY_USER,
        REGDOM_SET_BY_DRIVER,
        REGDOM_SET_BY_COUNTRY_IE,
+       REGDOM_BEACON_HINT,
 };
 
 /**

diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 81f20b376b089dba6cb236517d9faac4685866ad..5323e99c08afb2b215eea7fa3d9e501e01ce587e 100644 (file)
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -3000,8 +3000,10 @@ static void do_process_drv_event(struct i802_bss *bss, int cmd,
                break;
        case NL80211_CMD_REG_BEACON_HINT:
                wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint");
+               os_memset(&data, 0, sizeof(data));
+               data.channel_list_changed.initiator = REGDOM_BEACON_HINT;
                wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
-                                    NULL);
+                                    &data);
                break;
        case NL80211_CMD_NEW_STATION:
                nl80211_new_station_event(drv, tb);