From ce69407e6912bd7b6da3a252a0383a350edef3dd Mon Sep 17 00:00:00 2001 From: Aditya Kumar Singh Date: Mon, 1 Sep 2025 11:20:25 +0530 Subject: [PATCH] AP MLD: Fix memory leak in control interface initialization path If initialization of the MLD-level control interface fails, the current code exits and frees the mld object without releasing mld->ctrl_interface, resulting in a memory leak. MEMLEAK[0x552d3d74a0]: len 17 WPA_TRACE: memleak - START [0]: hostap/tests/hwsim/../../hostapd/hostapd(os_malloc+0x52) [0x552ab41c32] os_malloc() ../src/utils/os_unix.c:740 [1]: hostap/tests/hwsim/../../hostapd/hostapd(os_strdup+0x1e) [0x552ab41f1e] os_strdup() ../src/utils/os_unix.c:810 [2]: hostap/tests/hwsim/../../hostapd/hostapd(hostapd_bss_setup_multi_link+0x120) [0x552aaf4240] hostapd_bss_setup_multi_link() ../src/ap/hostapd.c:3849 [3]: hostap/tests/hwsim/../../hostapd/hostapd(+0x4a3e7) [0x552aaf43e7] hostapd_data_alloc() ../src/ap/hostapd.c:4659 [4]: hostap/tests/hwsim/../../hostapd/hostapd(hostapd_add_iface+0x223) [0x552aafb503] hostapd_add_iface() ../src/ap/hostapd.c:4807 [5]: hostap/tests/hwsim/../../hostapd/hostapd(+0xb6e1a) [0x552ab60e1a] hostapd_ctrl_iface_add() ctrl_iface.c:7302 [6]: hostap/tests/hwsim/../../hostapd/hostapd(+0xc4a08) [0x552ab6ea08] hostapd_global_ctrl_iface_receive() ctrl_iface.c:7700 [7]: hostap/tests/hwsim/../../hostapd/hostapd(+0x921ed) [0x552ab3c1ed] eloop_sock_table_dispatch() ../src/utils/eloop.c:609 [8]: hostap/tests/hwsim/../../hostapd/hostapd(eloop_run+0x1fb) [0x552ab3cd0b] eloop_run() ../src/utils/eloop.c:1247 [9]: hostap/tests/hwsim/../../hostapd/hostapd(+0x364bc) [0x552aae04bc] hostapd_global_run() main.c:606 [10]: hostap/tests/hwsim/../../hostapd/hostapd(main+0x8a0) [0x552aadf8b0] main() main.c:1118 [11]: /lib/x86_64-linux-gnu/libc.so.6(+0x29d90) [0x409acd90] In order to fix this issue, deinit the mld->ctrl_interface object properly before freeing the MLD during failure case. Fixes: 14cb3906af0a ("AP MLD: Introduce MLD level control interface socket") Signed-off-by: Aditya Kumar Singh --- src/ap/hostapd.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c index f2f0c2949..8da0ccafe 100644 --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c @@ -3179,6 +3179,7 @@ fail: if (!mld) return; + interfaces->mld_ctrl_iface_deinit(mld); wpa_printf(MSG_DEBUG, "AP MLD %s: free mld %p", mld->name, mld); os_free(mld); hapd->mld = NULL; -- 2.47.3