[PATCH] AP MLD: Ensure hostapd_deinit_driver() is called when driver_init() fails

Richard Yu-游宗勳 Richard.Yu at mitrastar.com.tw
Tue Apr 15 06:21:46 PDT 2025 

AP MLD: Ensure hostapd_deinit_driver() is called when driver_init() fails

Ensure hostapd_deinit_driver() is called when driver_init() fails in both
hostapd_enable_iface() and hostapd_add_iface().

When initializing an AP MLD interface, driver_init() first assigns a valid
private driver interface data pointer (drv_priv) to the hostapd_iface
structure. It then attempts to add a link by calling hostapd_drv_link_add().
This call may fail under certain conditions, such as ENETDOWN, EALREADY,
or other transient errors.

In such failure cases, the hostapd interface retains a valid drv_priv
pointer, but no cleanup is performed. This results in an untracked reference
to the private driver interface data. While the memory backing drv_priv will
eventually be freed when the last interface sharing it is deinitialized, the
lack of cleanup in early failure paths can then lead to invalid memory access,
potentially resulting in a segmentation fault.

This patch ensures that hostapd_deinit_driver() is invoked in both failure
paths to properly release references to driver resources and maintain
consistency across interface initialization routines.

Signed-off-by: Richard Yu <richard.yu at mitrastar.com.tw>
---
 src/ap/hostapd.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index 65dc14d60..9caef62e2 100644
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -3596,8 +3596,12 @@ int hostapd_enable_iface(struct hostapd_iface *hapd_iface)

 if (hapd_iface->interfaces == NULL ||
     hapd_iface->interfaces->driver_init == NULL ||
-    hapd_iface->interfaces->driver_init(hapd_iface))
+    hapd_iface->interfaces->driver_init(hapd_iface)) {
+hostapd_deinit_driver(hapd_iface->bss[0]->driver,
+      hapd_iface->bss[0]->drv_priv,
+      hapd_iface);
 return -1;
+}

 if (hostapd_setup_interface(hapd_iface)) {
 hostapd_deinit_driver(hapd_iface->bss[0]->driver,
@@ -3855,8 +3859,13 @@ int hostapd_add_iface(struct hapd_interfaces *interfaces, char *buf)
 }

 if (new_iface) {
-if (interfaces->driver_init(hapd_iface))
+if (interfaces->driver_init(hapd_iface)) {
+hostapd_deinit_driver(
+hapd_iface->bss[0]->driver,
+hapd_iface->bss[0]->drv_priv,
+hapd_iface);
 goto fail;
+}

 if (hostapd_setup_interface(hapd_iface)) {
 hostapd_deinit_driver(
--
2.17.1
This email and any files transmitted with it may contain information of Mitrastar Corporation that are privileged / confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the named addressee you should not disseminate, disclose, distribute, copy, or use this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.

More information about the Hostap mailing list