[PATCH] hostapd: fix segfault sending bss transition mgmt response on ubus

Sakura Industries sakurainds at gmail.com
Sun Jul 24 06:28:10 PDT 2022

In the ubus support patch for bss transition management responses, the 
target_bssid variable is left uninitialized if the client refuses to 
transition for any reason.  This leads to random segfaults in hostapd 
when it marshals the ubus message, because it de-references this 
uninitialized pointer to build the message.

There is no target_bssid for any response other than accept, so the 
patch just sets the variable to NULL.  The ubus code properly handles 
that case.  This issue is only noticeable if one is using a band steering
agent like dawn.

Signed-off-by: Steven Johnson <sakurainds at gmail.com>


diff --git 
index 4abb6887f6..737fa2ff61 100644
--- a/package/network/services/hostapd/patches/600-ubus_support.patch
+++ b/package/network/services/hostapd/patches/600-ubus_support.patch
@@ -552,8 +552,9 @@
                 sta->agreed_to_steer = 1;
eloop_cancel_timeout(ap_sta_reset_steer_flag_timer, hapd, sta);
                 eloop_register_timeout(2, 0, ap_sta_reset_steer_flag_timer,
-@@ -530,6 +532,10 @@ static void ieee802_11_rx_bss_trans_mgmt
+@@ -530,6 +532,11 @@ static void ieee802_11_rx_bss_trans_mgmt
                         MAC2STR(addr), status_code, bss_termination_delay);
++              target_bssid = NULL;

  +      hostapd_ubus_notify_bss_transition_response(hapd, sta->addr, 
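
Review bot: the added "target_bssid = NULL;" in the inner hunk for ieee802_11_rx_bss_trans_mgmt only clears the pointer on the one path that follows the "MAC2STR(addr), status_code, bss_termination_delay" log line, so any other path that reaches hostapd_ubus_notify_bss_transition_response() without setting it would still pass an uninitialized pointer. Initializing target_bssid to NULL where it is declared would cover every path and make the fix independent of where this line lands. The visible context is also too short to confirm which branch the assignment sits in, and the patch is whitespace-damaged as posted (the eloop_cancel_timeout context line has lost its indentation, the final "+" line has leading spaces before the marker, and the "diff --git" line has no paths), so it will not apply as is; please resend it with git send-email.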
