From: Michael Braun <michael-dev@fami-braun.de>
Date: Mon, 1 Mar 2021 21:27:46 +0000 (+0200)
Subject: Fix use after free with hapd->time_adv on interface restart
X-Git-Tag: hostap_2_10~478
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2da3105ac1afc9fb931c4106d4007db6ba77c00a;p=thirdparty%2Fhostap.git

Fix use after free with hapd->time_adv on interface restart

When an interface is disabled, e.g. due to radar detected,
hapd->time_adv is freed by hostapd_free_hapd_data(), but later
used by ieee802_11_build_ap_params() calling hostapd_eid_time_adv().

Thus hapd->time_adv needs to be cleared as well.

Fixes: 39b97072b2a4 ("Add support for Time Advertisement")
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
---

diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index 2f3e7878f..f06647c95 100644
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -414,6 +414,7 @@ void hostapd_free_hapd_data(struct hostapd_data *hapd)
 	}
 
 	wpabuf_free(hapd->time_adv);
+	hapd->time_adv = NULL;
 
 #ifdef CONFIG_INTERWORKING
 	gas_serv_deinit(hapd);