From 434c8dbf3353a40e931d0db2e35fa2c8b4cbe576 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jow@openwrt.org>
Date: Fri, 29 Oct 2010 21:25:39 +0000
Subject: [PATCH] package/hostapd: fix crash in atheros driver (#8143)
 hapd->driver->set_operstate may be called before the drv_priv data is
 initialized; this leads to a null pointer dereference in the atheros driver.
 Protect the operstate call with a check for hapd->drv_priv.

SVN-Revision: 23715
---
 .../hostapd/patches/460-oper_state_fix.patch  | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/package/hostapd/patches/460-oper_state_fix.patch b/package/hostapd/patches/460-oper_state_fix.patch
index 5a685a23ef..8ea0e12360 100644
--- a/package/hostapd/patches/460-oper_state_fix.patch
+++ b/package/hostapd/patches/460-oper_state_fix.patch
@@ -23,3 +23,25 @@ DORMANT state does not prevent normal operations after that.
  	return 0;
  }
  
+--- a/src/drivers/driver_wext.c
++++ b/src/drivers/driver_wext.c
+@@ -2245,11 +2245,14 @@ int wpa_driver_wext_set_operstate(void *
+ {
+ 	struct wpa_driver_wext_data *drv = priv;
+ 
+-	wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
+-		   __func__, drv->operstate, state, state ? "UP" : "DORMANT");
+-	drv->operstate = state;
+-	return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1,
+-				      state ? IF_OPER_UP : IF_OPER_DORMANT);
++	if (drv != NULL)
++	{
++		wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
++			   __func__, drv->operstate, state, state ? "UP" : "DORMANT");
++		drv->operstate = state;
++		return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1,
++					      state ? IF_OPER_UP : IF_OPER_DORMANT);
++	}
+ }
+ 
+ 
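Review bot: When `drv` is NULL, the patched `wpa_driver_wext_set_operstate` falls off the end of an `int` function without returning a value, because the only `return` sits inside the new `if (drv != NULL) { ... }` block. Any caller that reads the result on that path gets an indeterminate value, which is undefined behaviour in C. Either add `return -1;` after the closing brace of the `if` (or `return 0;` if an uninitialised driver should be treated as a no-op), or use a guard at the top, `if (drv == NULL) return -1;`, and leave the original body unindented. The commit message describes a check on `hapd->drv_priv` for the atheros driver, whereas the added check is on `priv` inside driver_wext.c, so it is worth confirming that the atheros path actually reaches this function. The function signature is truncated in the inner `@@` header and lies outside the hunk.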
-- 
GitLab