[PATCH] hostapd: add command to ban a station

[Jouni Malinen]

On Thu, Nov 19, 2015 at 04:43:17PM +0100, Matteo Croce wrote:
> ---

Please provide a more complete commit message describing the added
function and add a Signed-off-by: line as described in the top level
CONTRIBUTIONS file so that I can apply this.

> diff --git a/hostapd/hostapd_cli.c b/hostapd/hostapd_cli.c
> @@ -65,6 +65,7 @@ static const char *const commands_help =
> +"   ban <addr>           ban a station\n"

> @@ -348,6 +349,23 @@ static int hostapd_cli_cmd_disassociate(struct wpa_ctrl *ctrl, int argc,
> +static int hostapd_cli_cmd_ban(struct wpa_ctrl *ctrl, int argc,
> +					  char *argv[])
> +{
> +	char buf[64];
> +	if (argc < 1) {
> +		printf("Invalid 'ban' command - exactly one "
> +		       "argument, STA address, is required.\n");
> +		return -1;
> +	}
> +	if (argc > 1)
> +		os_snprintf(buf, sizeof(buf), "BAN %s %s",
> +			    argv[0], argv[1]);

What is the purpose of allowing two arguments if the command is
documented as requiring exactly one argument?

> diff --git a/src/ap/ctrl_iface_ap.c b/src/ap/ctrl_iface_ap.c
> @@ -408,6 +408,31 @@ int hostapd_ctrl_iface_disassociate(struct hostapd_data *hapd,
> +int hostapd_ctrl_iface_ban(struct hostapd_data *hapd,
> +			   const char *txtaddr)
> +{
> +	u8 addr[ETH_ALEN];
> +	struct mac_acl_entry *acl = hapd->conf->deny_mac;
> +	int num_acl = hapd->conf->num_deny_mac + 1;

> +	hapd->conf->macaddr_acl = 0;
> +
> +	acl = os_realloc_array(acl, num_acl, sizeof(*acl));
> +	os_memcpy(acl[num_acl - 1].addr, addr, ETH_ALEN);

Need to verify whether os_realloc_array() returns NULL and if so, keep
in mind that the old allocation is still valid. This construction here
would result in memory leak followed by NULL pointer dereference
crashing the program if that reallocation were to fail.
 
-- 
Jouni Malinen                                            PGP id EFC895FA