From 6e5d01124fd4dd57899ddd9260c76dbb43543aa7 Mon Sep 17 00:00:00 2001
From: Cy Schubert <cy@FreeBSD.org>
Date: Sat, 2 Apr 2022 20:54:50 -0700
Subject: [PATCH] wpa/hostapd: Fix 100% CPU when USB wlan NIC removed

hostapd calls pcap_next(3) to read the next packet off the wlan interface.
pcap_next() returns a pointer to the packet header but does not indicate
success or failure. Unfortunately this results in an infinite loop (100%
CPU) when the wlan device disappears, i.e. when a USB wlan device is
manually removed or a USB error results in the device removal. However
pcap_next_ex(3) does return success or failure. To resolve this we use
pcap_next_ex(), forcing hostapd to exit when the error is encountered.

An error message is printed to syslog or stderr when debugging (-d flag)
is enabled. Unfortunately wpa_printf() only works when debugging is enabled.

PR:		253608
Reported by:	Damjan Jovanovic <damjan.jov@gmail.com>,
		bz (privately)
MFC after:	3 days
---
 contrib/wpa/src/l2_packet/l2_packet_freebsd.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/contrib/wpa/src/l2_packet/l2_packet_freebsd.c b/contrib/wpa/src/l2_packet/l2_packet_freebsd.c
index 48e18fffba57..da742f432120 100644
--- a/contrib/wpa/src/l2_packet/l2_packet_freebsd.c
+++ b/contrib/wpa/src/l2_packet/l2_packet_freebsd.c
@@ -83,7 +83,10 @@ static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx)
 	unsigned char *buf;
 	size_t len;
 
-	packet = pcap_next(pcap, &hdr);
+	if (pcap_next_ex(pcap, &hdr, &packet) == -1) {
+		wpa_printf(MSG_ERROR, "Error reading packet, has device disappeared?");
+		eloop_terminate();
+	}
 
 	if (!l2->rx_callback || !packet || hdr.caplen < sizeof(*ethhdr))
 		return;