[PATCH] AP MLD: Ensure hostapd_deinit_driver() is called when driver_init() fails
Jouni Malinen
j at w1.fi
Thu Jun 19 02:30:41 PDT 2025
On Tue, Apr 15, 2025 at 01:21:46PM +0000, Richard Yu-游宗勳 wrote:
> AP MLD: Ensure hostapd_deinit_driver() is called when driver_init() fails
>
> Ensure hostapd_deinit_driver() is called when driver_init() fails in both
> hostapd_enable_iface() and hostapd_add_iface().
>
> When initializing an AP MLD interface, driver_init() first assigns a valid
> private driver interface data pointer (drv_priv) to the hostapd_iface
> structure. It then attempts to add a link by calling hostapd_drv_link_add().
> This call may fail under certain conditions, such as ENETDOWN, EALREADY,
> or other transient errors.
>
> In such failure cases, the hostapd interface retains a valid drv_priv
> pointer, but no cleanup is performed. This results in an untracked reference
> to the private driver interface data. While the memory backing drv_priv will
> eventually be freed when the last interface sharing it is deinitialized, the
> lack of cleanup in early failure paths can then lead to invalid memory access,
> potentially resulting in a segmentation fault.
>
> This patch ensures that hostapd_deinit_driver() is invoked in both failure
> paths to properly release references to driver resources and maintain
> consistency across interface initialization routines.
Thanks, applied.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list