From 3c98a4ee5e0800459641d11e96e2316826e4901b Mon Sep 17 00:00:00 2001 From: Rathees Kumar R Chinannan Date: Tue, 28 Nov 2023 15:23:58 +0530 Subject: [PATCH] hostapd: fix crash when accessing Ubus object on hapd Initializing Ubus from hostapd_ubus_add_iface function makes ubus context reference as -1 in some cases, when hostapd_ubus_free_bss is called before adding bss to Ubus.This is fixed by initializing Ubus only when adding BSS to Ubus. When adding BSS to Ubus, ubus context reference is incremented even if ubus_add_object returns failure value. But when freeing bss from Ubus, Ctx is not decremented if object is not added. This is fixed by decrementing Ctx reference without checking object id on hostapd_ubus_free_bss function. Signed-off-by: Rathees Kumar R Chinannan Change-Id: I555e984c719c7058fdd9c08482eac2cc1396083a --- src/ap/hostapd.c | 1 - src/ap/ubus.c | 11 ++--------- src/ap/ubus.h | 5 ----- 3 files changed, 2 insertions(+), 15 deletions(-) diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c index 6364a07..8aaad3a 100644 --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c @@ -2563,7 +2563,6 @@ static int hostapd_setup_interface_complete_sync(struct hostapd_iface *iface, if (err) goto fail; - hostapd_ubus_add_iface(iface); wpa_printf(MSG_DEBUG, "Completing interface initialization"); if (iface->freq) { #ifdef NEED_AP_MLME diff --git a/src/ap/ubus.c b/src/ap/ubus.c index bceaa62..c285ec8 100644 --- a/src/ap/ubus.c +++ b/src/ap/ubus.c @@ -99,12 +99,6 @@ static void hostapd_ubus_ref_dec(void) ctx = NULL; } -void hostapd_ubus_add_iface(struct hostapd_iface *iface) -{ - if (!hostapd_ubus_init()) - return; -} - void hostapd_ubus_free_iface(struct hostapd_iface *iface) { if (!ctx) @@ -1756,10 +1750,9 @@ void hostapd_ubus_free_bss(struct hostapd_data *hapd) hostapd_send_shared_event(&hapd->iface->interfaces->ubus, hapd->conf->iface, "remove"); - if (obj->id) { + if (obj->id) ubus_remove_object(ctx, obj); - hostapd_ubus_ref_dec(); - } + hostapd_ubus_ref_dec(); free(name); } diff --git a/src/ap/ubus.h b/src/ap/ubus.h index d95313a..60943b9 100644 --- a/src/ap/ubus.h +++ b/src/ap/ubus.h @@ -40,7 +40,6 @@ struct hostapd_ubus_bss { int notify_response; }; -void hostapd_ubus_add_iface(struct hostapd_iface *iface); void hostapd_ubus_free_iface(struct hostapd_iface *iface); void hostapd_ubus_add_bss(struct hostapd_data *hapd); void hostapd_ubus_free_bss(struct hostapd_data *hapd); @@ -73,10 +72,6 @@ void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info * struct hostapd_ubus_bss {}; -static inline void hostapd_ubus_add_iface(struct hostapd_iface *iface) -{ -} - static inline void hostapd_ubus_free_iface(struct hostapd_iface *iface) { } -- 2.43.0