From: Jouni Malinen <j@w1.fi>
Date: Sun, 2 Mar 2014 13:29:26 +0000 (+0200)
Subject: Clean up hostapd add_iface error path operations
X-Git-Tag: hostap_2_2~693
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7b6e81575f410a24549fd52b4aa4f458bb1ec133;p=thirdparty%2Fhostap.git

Clean up hostapd add_iface error path operations

If hapd_iface->bss[i] == NULL, this could have resulted in NULL pointer
dereference in the debug print. Avoid this by skipping the message in
case of NULL pointer. In addition, clear iface->bss[i] to NULL for
additional robustness even though this array gets freed immediately.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index 435a4e51b..ad1c2d039 100644
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -1877,14 +1877,17 @@ fail:
 		if (hapd_iface->bss) {
 			for (i = 0; i < hapd_iface->num_bss; i++) {
 				hapd = hapd_iface->bss[i];
-				if (hapd && hapd_iface->interfaces &&
+				if (!hapd)
+					continue;
+				if (hapd_iface->interfaces &&
 				    hapd_iface->interfaces->ctrl_iface_deinit)
 					hapd_iface->interfaces->
 						ctrl_iface_deinit(hapd);
 				wpa_printf(MSG_DEBUG, "%s: free hapd %p (%s)",
 					   __func__, hapd_iface->bss[i],
-					hapd_iface->bss[i]->conf->iface);
-				os_free(hapd_iface->bss[i]);
+					   hapd->conf->iface);
+				os_free(hapd);
+				hapd_iface->bss[i] = NULL;
 			}
 			os_free(hapd_iface->bss);
 		}