If HT40 co-ex scan fails due to the driver rejecting scan triggers
multiple times, it was possible for the ap_ht40_scan_retry() timeout
being left behind and it getting run after hapd->drv_priv has been
cleared. This would result in NULL pointer dereference in
driver_nl80211_scan.c. Fix this by canceling the timeout when disabling
the interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
static void hostapd_cleanup_iface_partial(struct hostapd_iface *iface)
{
wpa_printf(MSG_DEBUG, "%s(%p)", __func__, iface);
+#ifdef CONFIG_IEEE80211N
+#ifdef NEED_AP_MLME
+ hostapd_stop_setup_timers(iface);
+#endif /* NEED_AP_MLME */
+#endif /* CONFIG_IEEE80211N */
hostapd_free_hw_features(iface->hw_features, iface->num_hw_features);
iface->hw_features = NULL;
os_free(iface->current_rates);