On Tue, Apr 15, 2025 at 01:21:46PM +0000, Richard Yu-游宗勳 wrote: > AP MLD: Ensure hostapd_deinit_driver() is called when driver_init() fails > > Ensure hostapd_deinit_driver() is called when driver_init() fails in both > hostapd_enable_iface() and hostapd_add_iface(). > > When initializing an AP MLD interface, driver_init() first assigns a valid > private driver interface data pointer (drv_priv) to the hostapd_iface > structure. It then attempts to add a link by calling hostapd_drv_link_add(). > This call may fail under certain conditions, such as ENETDOWN, EALREADY, > or other transient errors. > > In such failure cases, the hostapd interface retains a valid drv_priv > pointer, but no cleanup is performed. This results in an untracked reference > to the private driver interface data. While the memory backing drv_priv will > eventually be freed when the last interface sharing it is deinitialized, the > lack of cleanup in early failure paths can then lead to invalid memory access, > potentially resulting in a segmentation fault. > > This patch ensures that hostapd_deinit_driver() is invoked in both failure > paths to properly release references to driver resources and maintain > consistency across interface initialization routines. Thanks, applied. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
