From 953efa5b200f060564a090ab71b3d7f614a35e3f Mon Sep 17 00:00:00 2001 From: Cy Schubert Date: Wed, 5 Apr 2023 21:07:15 -0700 Subject: [PATCH] wpa_supplicant/hostapd: Fix uninitialized packet pointer on error The packet pointer (called packet) will remain uninitialized when pcap_next_ex() returns an error. This occurs when the wlan interface is shut down using ifconfig destroy. Adding a NULL assignment to packet duplicates what pcap_next() does. The reason we use pcap_next_ex() in this instance is because with pacp_next() when we receive a null pointer if there was an error or if no packets were read. With pcap_next_ex() we can differentiate between an error and legitimately no packets were received. PR: 270649 Reported by: Robert Morris Fixes: 6e5d01124fd4 MFC after: 3 days --- contrib/wpa/src/l2_packet/l2_packet_freebsd.c | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/wpa/src/l2_packet/l2_packet_freebsd.c b/contrib/wpa/src/l2_packet/l2_packet_freebsd.c index 0461758ff210..7b96bd033c87 100644 --- a/contrib/wpa/src/l2_packet/l2_packet_freebsd.c +++ b/contrib/wpa/src/l2_packet/l2_packet_freebsd.c @@ -85,6 +85,7 @@ static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx) if (pcap_next_ex(pcap, &hdr, &packet) == -1) { wpa_printf(MSG_ERROR, "Error reading packet, has device disappeared?"); + packet = NULL; eloop_terminate(); }