[PATCH] AP MLD: Ensure hostapd_deinit_driver() is called when driver_init() fails

Jouni Malinen j at w1.fi
Thu Jun 19 02:30:41 PDT 2025


On Tue, Apr 15, 2025 at 01:21:46PM +0000, Richard Yu-游宗勳 wrote:
> AP MLD: Ensure hostapd_deinit_driver() is called when driver_init() fails
> 
> Ensure hostapd_deinit_driver() is called when driver_init() fails in both
> hostapd_enable_iface() and hostapd_add_iface().
> 
> When initializing an AP MLD interface, driver_init() first assigns a valid
> private driver interface data pointer (drv_priv) to the hostapd_iface
> structure. It then attempts to add a link by calling hostapd_drv_link_add().
> This call may fail under certain conditions, such as ENETDOWN, EALREADY,
> or other transient errors.
> 
> In such failure cases, the hostapd interface retains a valid drv_priv
> pointer, but no cleanup is performed. This results in an untracked reference
> to the private driver interface data. While the memory backing drv_priv will
> eventually be freed when the last interface sharing it is deinitialized, the
> lack of cleanup in early failure paths can then lead to invalid memory access,
> potentially resulting in a segmentation fault.
> 
> This patch ensures that hostapd_deinit_driver() is invoked in both failure
> paths to properly release references to driver resources and maintain
> consistency across interface initialization routines.

Thanks, applied.
 
-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list