Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-28 18:28:23 -05:00
Code Issues Projects Releases Wiki Activity

Initialize hapd->nr_db in hostapd_alloc_bss_data()

Browse Source 
Previously, this was initialized in hostapd_setup_bss() which made it
possible for a REMOVE_NEIGHBOR control interface command to be issued
prior to the list head pointers having been set. That resulted in a NULL
pointer dereference. Fix this by initializing the list head at the time
the data structure gets allocated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2016-08-19 16:29:22 +03:00 committed by Jouni Malinen
parent 30e0745bf7
commit f2f8616e80
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/ap/hostapd.c
View File

@ -912,7 +912,6 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first)
return -1; return -1;
} }
hapd->started = 1; hapd->started = 1;
dl_list_init(&hapd->nr_db);
if (!first || first == -1) { if (!first || first == -1) {
u8 *addr = hapd->own_addr; u8 *addr = hapd->own_addr;
@ -2002,6 +2001,7 @@ hostapd_alloc_bss_data(struct hostapd_iface *hapd_iface,
hapd->driver = hapd->iconf->driver; hapd->driver = hapd->iconf->driver;
hapd->ctrl_sock = -1; hapd->ctrl_sock = -1;
dl_list_init(&hapd->ctrl_dst); dl_list_init(&hapd->ctrl_dst);
dl_list_init(&hapd->nr_db);
return hapd; return hapd;
} }

1
wpa_supplicant/mesh.c
View File

@ -178,6 +178,7 @@ static int wpa_supplicant_mesh_init(struct wpa_supplicant *wpa_s,
ifmsh->bss[0] = bss = os_zalloc(sizeof(struct hostapd_data)); ifmsh->bss[0] = bss = os_zalloc(sizeof(struct hostapd_data));
if (!bss) if (!bss)
goto out_free; goto out_free;
dl_list_init(&bss->nr_db);
os_memcpy(bss->own_addr, wpa_s->own_addr, ETH_ALEN); os_memcpy(bss->own_addr, wpa_s->own_addr, ETH_ALEN);
bss->driver = wpa_s->driver; bss->driver = wpa_s->driver;