[PATCH 01/18] AP: fix use after free in link reconfiguration
Benjamin Berg
benjamin at sipsolutions.net
Thu Oct 30 01:24:32 PDT 2025
From: Benjamin Berg <benjamin.berg at intel.com>
Print the station MAC address before freeing the data.
Fixes: e166a37632d4 ("AP MLD: Control interface events for ML Setup Link Reconfiguration)
CC: Mohan Kumar G <quic_mkumarg at quicinc.com>
Signed-off-by: Benjamin Berg <benjamin.berg at intel.com>
---
src/ap/ieee802_11_eht.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ap/ieee802_11_eht.c b/src/ap/ieee802_11_eht.c
index ac36c9c48c..6e9e6f45d5 100644
--- a/src/ap/ieee802_11_eht.c
+++ b/src/ap/ieee802_11_eht.c
@@ -1676,10 +1676,10 @@ void hostapd_link_reconf_resp_tx_status(struct hostapd_data *hapd,
}
/* Free as a link STA */
- ap_free_sta(lhapd, lsta);
wpa_msg(hapd->msg_ctx, MSG_INFO,
WPA_EVENT_LINK_STA_REMOVED "sta=" MACSTR " link_id=%u",
MAC2STR(lsta->addr), link_id);
+ ap_free_sta(lhapd, lsta);
for_each_mld_link(other_hapd, lhapd) {
struct mld_link_info *link;
--
2.51.0
More information about the Hostap
mailing list