Ignore channel switch event if AP interface is not yet ready

It is apparently possible to somehow trigger the driver to report a
channel switch event during ACS operation when the interface information
is not yet complete. hapd->iface->current_mode could be NULL in that
case and that would result in process termination due to NULL pointer
dereference.

It should not really be possible to trigger a channel switch during ACS
is running (i.e., before the AP mode operation has been started), but
since that has been seen in an arbitrary test sequence with interface
start/stop operations with various parameters (both valid and invalid),
better prevent a crash here by ignoring the unexpected event instead of
trying to process it.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 58753e55ae1b18d90f189c144b3b0fc86987f2bf..6a40b8f9810ca28583b25c79ce24dfd45ac3b386 100644 (file)
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -789,6 +789,13 @@ void hostapd_event_ch_switch(struct hostapd_data *hapd, int freq, int ht,
                       freq, ht, hapd->iconf->ch_switch_vht_config, offset,
                       width, channel_width_to_string(width), cf1, cf2);
 
+       if (!hapd->iface->current_mode) {
+               hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
+                              HOSTAPD_LEVEL_WARNING,
+                              "ignore channel switch since the interface is not yet ready");
+               return;
+       }
+
        hapd->iface->freq = freq;
 
        channel = hostapd_hw_get_channel(hapd, freq);