From 5e993390f6ce34b169bf37becb2e5561262ec68f Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Thu, 22 Sep 2016 00:31:00 +0300
Subject: [PATCH] Initialize iface->sta_seen on allocation

Previously, struct hostapd_iface sta_seen list head was initialized only when completing interface setup. This left a window for operation that could potentially iterate through the list before the list head has been initialized. While the existing code checked iface->num_sta_seen to avoid this case, it is much cleaner to initialize the list when struct hostapd_iface is allocated to avoid any accidental missing of the extra checks before list iteration.

Signed-off-by: Jouni Malinen
---
 src/ap/hostapd.c | 19 ++++++++++++++++---
 src/ap/hostapd.h | 1 +
 wpa_supplicant/ap.c | 2 +-
 3 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index a09d423..5e83fbc 100644
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -1777,7 +1777,6 @@ static int hostapd_setup_interface_complete_sync(struct hostapd_iface *iface,
 hostapd_tx_queue_params(iface);
 ap_list_init(iface);
- dl_list_init(&iface->sta_seen);
 hostapd_set_acl(hapd);
@@ -2068,6 +2067,20 @@ void hostapd_interface_free(struct hostapd_iface *iface)
 }
+struct hostapd_iface * hostapd_alloc_iface(void)
+{
+ struct hostapd_iface *hapd_iface;
+
+ hapd_iface = os_zalloc(sizeof(*hapd_iface));
+ if (!hapd_iface)
+ return NULL;
+
+ dl_list_init(&hapd_iface->sta_seen);
+
+ return hapd_iface;
+}
+
+
 /**
 * hostapd_init - Allocate and initialize per-interface data
 * @config_file: Path to the configuration file
@@ -2085,7 +2098,7 @@ struct hostapd_iface * hostapd_init(struct hapd_interfaces *interfaces,
 struct hostapd_data *hapd;
 size_t i;
- hapd_iface = os_zalloc(sizeof(*hapd_iface));
+ hapd_iface = hostapd_alloc_iface();
 if (hapd_iface == NULL) goto fail;
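Review bot: hostapd_alloc_iface(), added in the second hunk of src/ap/hostapd.c, has no header comment even though hostapd_init() right below it carries one, so the rule it exists to enforce is recorded only in the commit message. I would add a short kernel-doc block above it saying that it returns a zeroed struct hostapd_iface with the sta_seen list head initialized (or NULL on allocation failure) and that every allocation of this struct must go through it rather than a bare `os_zalloc()`. That matters because a zero-filled list head is not an empty list, so an allocation site missed by this patch would presumably still walk NULL next/prev pointers on iteration; only the three converted call sites are visible here, so a tree-wide search for remaining `os_zalloc(sizeof(*hapd_iface))`-style allocations is worth doing. Separately, with `dl_list_init(&iface->sta_seen)` removed from hostapd_setup_interface_complete_sync(), the head is no longer reset on each setup completion, so the teardown path has to leave the list empty before an interface is set up again; that path is outside this diff.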
@@ -2421,7 +2434,7 @@ hostapd_iface_alloc(struct hapd_interfaces *interfaces)
 return NULL;
 interfaces->iface = iface;
 hapd_iface = interfaces->iface[interfaces->count] =
- os_zalloc(sizeof(*hapd_iface));
+ hostapd_alloc_iface();
 if (hapd_iface == NULL) {
 wpa_printf(MSG_ERROR, "%s: Failed to allocate memory for " "the interface", __func__);
diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h
index 195679e..f58c965 100644
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -471,6 +471,7 @@ int hostapd_setup_interface(struct hostapd_iface *iface);
 int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err);
 void hostapd_interface_deinit(struct hostapd_iface *iface);
 void hostapd_interface_free(struct hostapd_iface *iface);
+struct hostapd_iface * hostapd_alloc_iface(void);
 struct hostapd_iface * hostapd_init(struct hapd_interfaces *interfaces, const char *config_file);
 struct hostapd_iface *
diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index 356784a..5afb772 100644
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -675,7 +675,7 @@ int wpa_supplicant_create_ap(struct wpa_supplicant *wpa_s,
 return -1;
 }
- wpa_s->ap_iface = hapd_iface = os_zalloc(sizeof(*wpa_s->ap_iface));
+ wpa_s->ap_iface = hapd_iface = hostapd_alloc_iface();
 if (hapd_iface == NULL) return -1;
 hapd_iface->owner = wpa_s;
--
2.1.4