Crash in hostapd_eid_time_adv with DFS CAC
Jouni Malinen
j at w1.fi
Sat Mar 6 13:51:08 GMT 2021
On Mon, Mar 01, 2021 at 11:35:01PM +0100, michael-dev wrote:
> this is the logs resulting in the crash.
>
> It can be seen that we have DFS-RADAR-DETECTED on wlan1, wlan1: interface
> state ENABLED->DISABLED, and later wlan1 is reenabled.
> Thus hostapd_disable_iface -> hostapd_free_hapd_data ->
> wpabuf_free(hapd->time_adv) when wlan1 becomes disabled.
> Later when wlan1 is re-enabled, hapd->time_adv points to a freed pointer, as
> - different to e.g. hapd->radius - it is not cleared after freeing.
>
> Please find attached a patch that addresses this.
Thanks, applied.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list