| From 6207a7d1f0601a12be9639aa3507faf10b84398a Mon Sep 17 00:00:00 2001 |
| From: StanleyYP Wang <StanleyYP.Wang@mediatek.com> |
| Date: Thu, 15 Aug 2024 18:50:41 +0800 |
| Subject: [PATCH 126/126] mtk: hostapd: Fix hostapd crash in wds mode during |
| freeing sta |
| |
| When freeing sta in wds mode, ap_free_sta will pass NULL pointer (ifname_wds) |
| to hostapd_set_wds_sta. |
| The ifname_wds will directly assigned to name and being used without |
| checking whether it is NULL or not in i802_set_wds_sta. |
| The following hostapd patch of the openwrt trunk leads to this issue. |
| https://github.com/openwrt/openwrt/commit/e80520197c9ca7bced50d3605d6baba6dead6e35 |
| |
| Signed-off-by: StanleyYP Wang <StanleyYP.Wang@mediatek.com> |
| --- |
| src/drivers/driver_nl80211.c | 5 ++++- |
| 1 file changed, 4 insertions(+), 1 deletion(-) |
| |
| diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c |
| index efee210b9..a08afb5d4 100644 |
| --- a/src/drivers/driver_nl80211.c |
| +++ b/src/drivers/driver_nl80211.c |
| @@ -8603,10 +8603,13 @@ static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val, |
| { |
| struct i802_bss *bss = priv; |
| struct wpa_driver_nl80211_data *drv = bss->drv; |
| - const char *name = ifname_wds; // Kept to reduce changes to the minimum |
| + char name[IFNAMSIZ + 1]; |
| union wpa_event_data event; |
| int ret; |
| |
| + if (ifname_wds) |
| + os_strlcpy(name, ifname_wds, IFNAMSIZ + 1); |
| + |
| wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR |
| " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name); |
| if (val) { |
| -- |
| 2.18.0 |
| |