[PATCH] hostapd: Fix segfault after ACS when flushing STAs
Helmut Schaa
helmut.schaa
Thu Oct 10 00:48:56 PDT 2013
When hostapd receives an auth frame during ACS the transmission of
the according auth response will always fail:
ACS: Automatic channel selection started, this may take a bit
[..]
send_auth_reply: send: Resource temporarily unavailable
[..]
However, a station info entry was created. Once ACS is finished
it will flush all stations even though hapd was not yet fully
initialized. This results in a segfault when trying to access
hapd->radius:
0 0x0042c1c0 in radius_client_flush_auth ()
1 0x00416a94 in ap_free_sta ()
2 0x00416cc0 in hostapd_free_stas ()
3 0x0040bce8 in hostapd_flush_old_stations ()
4 0x0040c790 in hostapd_setup_interface_complete ()
5 0x0046347c in acs_scan_complete ()
6 0x0040f834 in hostapd_wpa_event ()
7 0x0043af08 in send_scan_event.part.46 ()
8 0x00443a64 in send_scan_event ()
9 0x00443c24 in do_process_drv_event ()
10 0x004449e8 in process_global_event ()
11 0x7767d7d0 in ?? ()
Fix this by not presuming anything about the initialization state of
hapd and checking ->radius before accessing.
Signed-off-hostapd: Helmut Schaa <helmut.schaa at googlemail.com>
---
Actually, this is more a workaround then a proper fix since I think
hostapd should not accept any mgmt frames during ACS and as such the
STA list should always be empty. However, accessing anything outside
the scope of a single sta_info from ap_free_sta should be protected by
a NULL check.
src/ap/sta_info.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c
index 6704c09..016b9b6 100644
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -232,7 +232,8 @@ void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
wpa_auth_sta_deinit(sta->wpa_sm);
rsn_preauth_free_station(hapd, sta);
#ifndef CONFIG_NO_RADIUS
- radius_client_flush_auth(hapd->radius, sta->addr);
+ if (hapd->radius)
+ radius_client_flush_auth(hapd->radius, sta->addr);
#endif /* CONFIG_NO_RADIUS */
os_free(sta->last_assoc_req);
--
1.7.10.4
More information about the Hostap
mailing list