hostapd: fix use after free bugs
authorDavid Bauer <mail@david-bauer.net>
Wed, 17 Nov 2021 20:46:11 +0000 (21:46 +0100)
committerFelix Fietkau <nbd@nbd.name>
Tue, 23 Nov 2021 17:30:05 +0000 (18:30 +0100)
Using a pointer one line after it is freed is not the best idea.
Let's not do that.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry-picked from commit 63c01ad025981eaa841353dc0fc27e5017febe21)

package/network/services/hostapd/patches/600-ubus_support.patch

index 938840755a79c5147d3b135c89f24f1240c42a4e..e690e8fd7b54307bf9368fa2426927fb2289e6f5 100644 (file)
                wpabuf_free(sta->p2p_ie);
 --- a/src/ap/sta_info.c
 +++ b/src/ap/sta_info.c
-@@ -424,6 +424,7 @@ void ap_handle_timer(void *eloop_ctx, vo
+@@ -423,6 +423,7 @@ void ap_handle_timer(void *eloop_ctx, vo
+               hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
                               HOSTAPD_LEVEL_INFO, "deauthenticated due to "
                               "local deauth request");
-               ap_free_sta(hapd, sta);
 +              hostapd_ubus_notify(hapd, "local-deauth", sta->addr);
+               ap_free_sta(hapd, sta);
                return;
        }
-@@ -579,6 +580,7 @@ skip_poll:
+@@ -578,6 +579,7 @@ skip_poll:
+               mlme_deauthenticate_indication(
                        hapd, sta,
                        WLAN_REASON_PREV_AUTH_NOT_VALID);
-               ap_free_sta(hapd, sta);
 +              hostapd_ubus_notify(hapd, "inactive-deauth", sta->addr);
+               ap_free_sta(hapd, sta);
                break;
        }
- }
 @@ -1294,6 +1296,7 @@ void ap_sta_set_authorized(struct hostap
                                          buf, ip_addr, keyid_buf);
        } else {
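Review bot: Nothing in the patched code records that `hostapd_ubus_notify()` has to run before `ap_free_sta()`, so the ordering restored at the "local-deauth" and "inactive-deauth" call sites can be lost again the next time this patch is refreshed against a newer hostapd. A one-line comment above each notify call would pin it, for example `/* notify before ap_free_sta(): sta->addr is read here and sta is freed below */`. The fix also relies on `hostapd_ubus_notify()` finishing with the address before it returns rather than keeping the pointer; its body is not visible in this hunk, so that is worth confirming. Both call sites sit in code that starts and ends outside the hunk.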