From: David Bauer Date: Wed, 17 Nov 2021 20:46:11 +0000 (+0100) Subject: hostapd: fix use after free bugs X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=7ae04d3799d44b4a9fd3a2c82763d202be97fb77;p=openwrt%2Fstaging%2F981213.git hostapd: fix use after free bugs Using a pointer one lifter after it freed is not the best idea. Let's not do that. Signed-off-by: David Bauer --- diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch index ccf66be6b8..b7f156bceb 100644 --- a/package/network/services/hostapd/patches/600-ubus_support.patch +++ b/package/network/services/hostapd/patches/600-ubus_support.patch @@ -234,22 +234,22 @@ wpabuf_free(sta->p2p_ie); --- a/src/ap/sta_info.c +++ b/src/ap/sta_info.c -@@ -459,6 +459,7 @@ void ap_handle_timer(void *eloop_ctx, vo +@@ -458,6 +458,7 @@ void ap_handle_timer(void *eloop_ctx, vo + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_INFO, "deauthenticated due to " "local deauth request"); - ap_free_sta(hapd, sta); + hostapd_ubus_notify(hapd, "local-deauth", sta->addr); + ap_free_sta(hapd, sta); return; } - -@@ -614,6 +615,7 @@ skip_poll: +@@ -613,6 +614,7 @@ skip_poll: + mlme_deauthenticate_indication( hapd, sta, WLAN_REASON_PREV_AUTH_NOT_VALID); - ap_free_sta(hapd, sta); + hostapd_ubus_notify(hapd, "inactive-deauth", sta->addr); + ap_free_sta(hapd, sta); break; } - } @@ -1329,6 +1331,7 @@ void ap_sta_set_authorized(struct hostap buf, ip_addr, keyid_buf); } else {