From: David Bauer <mail@david-bauer.net>
Date: Wed, 17 Nov 2021 20:46:11 +0000 (+0100)
Subject: hostapd: fix use after free bugs
X-Git-Tag: v21.02.2~119
X-Git-Url: http://git.openwrt.org/?a=commitdiff_plain;h=75f72696b5e12ed1e3ab39aacbeedc3db45befe0;p=openwrt%2Fstaging%2Fpepe2k.git

hostapd: fix use after free bugs

Using a pointer one lifter after it freed is not the best idea.
Let's not do that.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry-picked from commit 63c01ad025981eaa841353dc0fc27e5017febe21)
---

diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch
index 938840755a..e690e8fd7b 100644
--- a/package/network/services/hostapd/patches/600-ubus_support.patch
+++ b/package/network/services/hostapd/patches/600-ubus_support.patch
@@ -235,22 +235,22 @@
  		wpabuf_free(sta->p2p_ie);
 --- a/src/ap/sta_info.c
 +++ b/src/ap/sta_info.c
-@@ -424,6 +424,7 @@ void ap_handle_timer(void *eloop_ctx, vo
+@@ -423,6 +423,7 @@ void ap_handle_timer(void *eloop_ctx, vo
+ 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
  			       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
  			       "local deauth request");
- 		ap_free_sta(hapd, sta);
 +		hostapd_ubus_notify(hapd, "local-deauth", sta->addr);
+ 		ap_free_sta(hapd, sta);
  		return;
  	}
- 
-@@ -579,6 +580,7 @@ skip_poll:
+@@ -578,6 +579,7 @@ skip_poll:
+ 		mlme_deauthenticate_indication(
  			hapd, sta,
  			WLAN_REASON_PREV_AUTH_NOT_VALID);
- 		ap_free_sta(hapd, sta);
 +		hostapd_ubus_notify(hapd, "inactive-deauth", sta->addr);
+ 		ap_free_sta(hapd, sta);
  		break;
  	}
- }
 @@ -1294,6 +1296,7 @@ void ap_sta_set_authorized(struct hostap
  					  buf, ip_addr, keyid_buf);
  	} else {