From d4359923e1ea8bd618da51ce527f57c94b73c35b Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 4 Mar 2017 11:42:15 +0200
Subject: [PATCH] Fix DHCP/NDISC snoop deinit followed by failing re-init

It was possible to hit a double-free on the l2_packet socket if
initialization of DHCP/NDISC snoop failed on a hostapd interface that
had previously had those enabled successfully. Fix this by clearing the
l2_packet pointers during deinit.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/ap/dhcp_snoop.c  | 1 +
 src/ap/ndisc_snoop.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/ap/dhcp_snoop.c b/src/ap/dhcp_snoop.c
index b9a36d760..6d8c2f4be 100644
--- a/src/ap/dhcp_snoop.c
+++ b/src/ap/dhcp_snoop.c
@@ -154,4 +154,5 @@ int dhcp_snoop_init(struct hostapd_data *hapd)
 void dhcp_snoop_deinit(struct hostapd_data *hapd)
 {
 	l2_packet_deinit(hapd->sock_dhcp);
+	hapd->sock_dhcp = NULL;
 }
diff --git a/src/ap/ndisc_snoop.c b/src/ap/ndisc_snoop.c
index 3c086bfc7..4d6a92e08 100644
--- a/src/ap/ndisc_snoop.c
+++ b/src/ap/ndisc_snoop.c
@@ -182,4 +182,5 @@ int ndisc_snoop_init(struct hostapd_data *hapd)
 void ndisc_snoop_deinit(struct hostapd_data *hapd)
 {
 	l2_packet_deinit(hapd->sock_ndisc);
+	hapd->sock_ndisc = NULL;
 }