From f79968ee0f76c41414fb0c08980b9c2a259964d3 Mon Sep 17 00:00:00 2001 From: Matthew Cather Date: Mon, 3 Mar 2025 13:22:11 -0600 Subject: [PATCH] hostapd: fix ucode memory leak with strings This fixes a common reference counting bug typically along the lines of: ``` uc_value_push(ucv_get(ucv_string_new(...))); ``` This would leave our new string with a reference count of 2, one from the construction of the string, the other from `ucv_get`. This would prevent the strings from being correctly cleaned up when it goes out of scope. Signed-off-by: Matthew Cather --- .../services/hostapd/src/src/ap/ucode.c | 22 +++++++++---------- .../services/hostapd/src/src/utils/ucode.c | 2 +- .../hostapd/src/wpa_supplicant/ucode.c | 17 +++++++------- 3 files changed, 19 insertions(+), 22 deletions(-) diff --git a/package/network/services/hostapd/src/src/ap/ucode.c b/package/network/services/hostapd/src/src/ap/ucode.c index e496b8b7aa..ede606b6b3 100644 --- a/package/network/services/hostapd/src/src/ap/ucode.c +++ b/package/network/services/hostapd/src/src/ap/ucode.c @@ -56,7 +56,7 @@ hostapd_ucode_update_bss_list(struct hostapd_iface *iface, uc_value_t *if_bss, u struct hostapd_data *hapd = iface->bss[i]; uc_value_t *val = hostapd_ucode_bss_get_uval(hapd); - ucv_array_set(list, i, ucv_get(ucv_string_new(hapd->conf->iface))); + ucv_array_set(list, i, ucv_string_new(hapd->conf->iface)); ucv_object_add(bss, hapd->conf->iface, ucv_get(val)); } ucv_object_add(if_bss, iface->phy, ucv_get(list)); @@ -721,11 +721,10 @@ int hostapd_ucode_sta_auth(struct hostapd_data *hapd, struct sta_info *sta) if (wpa_ucode_call_prepare("sta_auth")) return 0; - uc_value_push(ucv_get(ucv_string_new(hapd->conf->iface))); + uc_value_push(ucv_string_new(hapd->conf->iface)); snprintf(addr, sizeof(addr), MACSTR, MAC2STR(sta->addr)); - val = ucv_string_new(addr); - uc_value_push(ucv_get(val)); + uc_value_push(ucv_string_new(addr)); val = wpa_ucode_call(2); @@ -787,16 +786,15 @@ void hostapd_ucode_sta_connected(struct hostapd_data *hapd, struct sta_info *sta if (wpa_ucode_call_prepare("sta_connected")) return; - uc_value_push(ucv_get(ucv_string_new(hapd->conf->iface))); + uc_value_push(ucv_string_new(hapd->conf->iface)); snprintf(addr, sizeof(addr), MACSTR, MAC2STR(sta->addr)); - val = ucv_string_new(addr); - uc_value_push(ucv_get(val)); + uc_value_push(ucv_string_new(addr)); val = ucv_object_new(vm); if (sta->psk_idx) ucv_object_add(val, "psk_idx", ucv_int64_new(sta->psk_idx - 1)); - uc_value_push(ucv_get(val)); + uc_value_push(val); val = wpa_ucode_call(3); if (ucv_type(val) != UC_OBJECT) @@ -929,8 +927,8 @@ void hostapd_ucode_bss_cb(struct hostapd_data *hapd, const char *type) return; val = hostapd_ucode_bss_get_uval(hapd); - uc_value_push(ucv_get(ucv_string_new(hapd->iface->phy))); - uc_value_push(ucv_get(ucv_string_new(hapd->conf->iface))); + uc_value_push(ucv_string_new(hapd->iface->phy)); + uc_value_push(ucv_string_new(hapd->conf->iface)); uc_value_push(ucv_get(val)); ucv_put(wpa_ucode_call(3)); ucv_gc(vm); @@ -963,9 +961,9 @@ void hostapd_ucode_apup_newpeer(struct hostapd_data *hapd, const char *ifname) return; val = hostapd_ucode_bss_get_uval(hapd); - uc_value_push(ucv_get(ucv_string_new(hapd->conf->iface))); // BSS ifname + uc_value_push(ucv_string_new(hapd->conf->iface)); // BSS ifname uc_value_push(ucv_get(val)); - uc_value_push(ucv_get(ucv_string_new(ifname))); // APuP peer ifname + uc_value_push(ucv_string_new(ifname)); // APuP peer ifname ucv_put(wpa_ucode_call(2)); ucv_gc(vm); } diff --git a/package/network/services/hostapd/src/src/utils/ucode.c b/package/network/services/hostapd/src/src/utils/ucode.c index a1762844b5..7ce121ee1e 100644 --- a/package/network/services/hostapd/src/src/utils/ucode.c +++ b/package/network/services/hostapd/src/src/utils/ucode.c @@ -172,7 +172,7 @@ uc_value_t *uc_wpa_freq_info(uc_vm_t *vm, size_t nargs) ucv_object_add(ret, "op_class", ucv_int64_new(op_class)); ucv_object_add(ret, "channel", ucv_int64_new(channel)); ucv_object_add(ret, "hw_mode", ucv_int64_new(hw_mode)); - ucv_object_add(ret, "hw_mode_str", ucv_get(ucv_string_new(modestr))); + ucv_object_add(ret, "hw_mode_str", ucv_string_new(modestr)); ucv_object_add(ret, "sec_channel", ucv_int64_new(sec_channel)); ucv_object_add(ret, "frequency", ucv_int64_new(freq_val)); diff --git a/package/network/services/hostapd/src/wpa_supplicant/ucode.c b/package/network/services/hostapd/src/wpa_supplicant/ucode.c index 9380b301c3..31427c39a1 100644 --- a/package/network/services/hostapd/src/wpa_supplicant/ucode.c +++ b/package/network/services/hostapd/src/wpa_supplicant/ucode.c @@ -49,7 +49,7 @@ void wpas_ucode_add_bss(struct wpa_supplicant *wpa_s) if (wpa_ucode_call_prepare("iface_add")) return; - uc_value_push(ucv_get(ucv_string_new(wpa_s->ifname))); + uc_value_push(ucv_string_new(wpa_s->ifname)); uc_value_push(ucv_get(wpas_ucode_iface_get_uval(wpa_s))); ucv_put(wpa_ucode_call(2)); ucv_gc(vm); @@ -67,7 +67,7 @@ void wpas_ucode_free_bss(struct wpa_supplicant *wpa_s) if (wpa_ucode_call_prepare("iface_remove")) return; - uc_value_push(ucv_get(ucv_string_new(wpa_s->ifname))); + uc_value_push(ucv_string_new(wpa_s->ifname)); uc_value_push(ucv_get(val)); ucv_put(wpa_ucode_call(2)); ucv_gc(vm); @@ -86,9 +86,9 @@ void wpas_ucode_update_state(struct wpa_supplicant *wpa_s) return; state = wpa_supplicant_state_txt(wpa_s->wpa_state); - uc_value_push(ucv_get(ucv_string_new(wpa_s->ifname))); + uc_value_push(ucv_string_new(wpa_s->ifname)); uc_value_push(ucv_get(val)); - uc_value_push(ucv_get(ucv_string_new(state))); + uc_value_push(ucv_string_new(state)); ucv_put(wpa_ucode_call(3)); ucv_gc(vm); } @@ -108,9 +108,9 @@ void wpas_ucode_event(struct wpa_supplicant *wpa_s, int event, union wpa_event_d if (wpa_ucode_call_prepare("event")) return; - uc_value_push(ucv_get(ucv_string_new(wpa_s->ifname))); + uc_value_push(ucv_string_new(wpa_s->ifname)); uc_value_push(ucv_get(val)); - uc_value_push(ucv_get(ucv_string_new(event_to_string(event)))); + uc_value_push(ucv_string_new(event_to_string(event))); val = ucv_object_new(vm); uc_value_push(ucv_get(val)); @@ -212,15 +212,14 @@ uc_wpas_iface_status(uc_vm_t *vm, size_t nargs) { struct wpa_supplicant *wpa_s = uc_fn_thisval("wpas.iface"); struct wpa_bss *bss; - uc_value_t *ret, *val; + uc_value_t *ret; if (!wpa_s) return NULL; ret = ucv_object_new(vm); - val = ucv_string_new(wpa_supplicant_state_txt(wpa_s->wpa_state)); - ucv_object_add(ret, "state", ucv_get(val)); + ucv_object_add(ret, "state", ucv_string_new(wpa_supplicant_state_txt(wpa_s->wpa_state))); bss = wpa_s->current_bss; if (bss) { -- 2.30.2