| developer | 05f3b2b | 2024-08-19 19:17:34 +0800 | [diff] [blame] | 1 | From 6207a7d1f0601a12be9639aa3507faf10b84398a Mon Sep 17 00:00:00 2001 |
| 2 | From: StanleyYP Wang <StanleyYP.Wang@mediatek.com> |
| 3 | Date: Thu, 15 Aug 2024 18:50:41 +0800 |
| 4 | Subject: [PATCH 126/126] mtk: hostapd: Fix hostapd crash in wds mode during |
| 5 | freeing sta |
| 6 | |
| 7 | When freeing sta in wds mode, ap_free_sta will pass NULL pointer (ifname_wds) |
| 8 | to hostapd_set_wds_sta. |
| 9 | The ifname_wds will directly assigned to name and being used without |
| 10 | checking whether it is NULL or not in i802_set_wds_sta. |
| 11 | The following hostapd patch of the openwrt trunk leads to this issue. |
| 12 | https://github.com/openwrt/openwrt/commit/e80520197c9ca7bced50d3605d6baba6dead6e35 |
| 13 | |
| 14 | Signed-off-by: StanleyYP Wang <StanleyYP.Wang@mediatek.com> |
| 15 | --- |
| 16 | src/drivers/driver_nl80211.c | 5 ++++- |
| 17 | 1 file changed, 4 insertions(+), 1 deletion(-) |
| 18 | |
| 19 | diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c |
| 20 | index efee210b9..a08afb5d4 100644 |
| 21 | --- a/src/drivers/driver_nl80211.c |
| 22 | +++ b/src/drivers/driver_nl80211.c |
| 23 | @@ -8603,10 +8603,13 @@ static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val, |
| 24 | { |
| 25 | struct i802_bss *bss = priv; |
| 26 | struct wpa_driver_nl80211_data *drv = bss->drv; |
| 27 | - const char *name = ifname_wds; // Kept to reduce changes to the minimum |
| 28 | + char name[IFNAMSIZ + 1]; |
| 29 | union wpa_event_data event; |
| 30 | int ret; |
| 31 | |
| 32 | + if (ifname_wds) |
| 33 | + os_strlcpy(name, ifname_wds, IFNAMSIZ + 1); |
| 34 | + |
| 35 | wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR |
| 36 | " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name); |
| 37 | if (val) { |
| 38 | -- |
| 39 | 2.18.0 |
| 40 | |