Fix hostapd segfault on beacon hint event

Commit 795baf773f ('hostapd: Filter channel list updated events after country code change') uses the EVENT_CHANNEL_LIST_CHANGED data pointer, but it updated only one of the callers to provide that data. NL80211_CMD_REG_BEACON_HINT event was still sending the event without the initiator data and resulted in NULL pointer dereference, e.g., if a scan was run while hostapd was running and the driver was in world roaming state and enabled a channel for active scans. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-03 13:24:50 +02:00 · 2014-02-03 13:24:50 +02:00 · 8597ebdbd4
commit 8597ebdbd4
parent c69ed4dd49
2 changed files with 4 additions and 1 deletions
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@ -47,6 +47,7 @@ enum reg_change_initiator {
 	REGDOM_SET_BY_USER,
 	REGDOM_SET_BY_DRIVER,
 	REGDOM_SET_BY_COUNTRY_IE,
+	REGDOM_BEACON_HINT,
 };

 /**
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@ -3000,8 +3000,10 @@ static void do_process_drv_event(struct i802_bss *bss, int cmd,
 		break;
 	case NL80211_CMD_REG_BEACON_HINT:
 		wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint");
+		os_memset(&data, 0, sizeof(data));
+		data.channel_list_changed.initiator = REGDOM_BEACON_HINT;
 		wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
-				     NULL);
+				     &data);
 		break;
 	case NL80211_CMD_NEW_STATION:
 		nl80211_new_station_event(drv, tb);