Hostapd throwing segmentation fault when sending SIGHUP signal
marvinleins at web.de
Fri Apr 21 04:17:37 PDT 2017
I ran in an error case as i was trying to reconfigure hostapd by sending the SIGHUP signal and hostapd was in state DISABLED.
This error is reproducible, hostapd will throw a segmentation fault because of a NULL-pointer dereference.
While looking debugging hostapd I noticed the 'int hostapd_reload_config(struct hostapd_iface *iface)' function in hostapd.c:156 getting invoked.
In there the functions 'hostapd_clear_old(iface)' and 'hostapd_reload_bss(hapd)' will be called, which result in the segmentation fault.
The actual NULL-pointer dereference happens in 'static int wpa_driver_nl80211_set_key()' function in driver_nl80211.c:2650.
In the first line of this function, the pointer bss will be dereferenced without check. In the case of hostapd being in DISABLED state this
pointer is NULL. In other states, the pointer is set and reconfiguration succeeds without error.
I commented out the mentioned functions in hostapd_reload_config(), causing a successful reconfiguration in DISABLED state, too.
It seems like the commented out driver communication happens also when enabling hostapd.
I don't know the effects of these functions and if this error is caused by calling redundant functions, a missing check or something
Please let me now if this is a known problem.
I am looking forward hearing from you.
FYI: Ubuntu 16.04 LTS / hostapd v2.6 / CSL USB WLAN Dongle 300Mbit (Chipset: Ralink RT5572)
From lshw: "driver=rt2800usb driverversion=4.4.0-57-generic firmware=0.29"
More information about the Hostap