From 6be0f55d85f1eae56d1eae379810adffb89df46e Mon Sep 17 00:00:00 2001
From: Denis Kenzior
Date: Mon, 30 Jul 2018 09:05:52 -0500
Subject: [PATCH] ap/adhoc: Don't crash on eapol_sm_free

If the sm object (or the handshake object) is NULL, don't call the corresponding function.

0 0x7fb6cd37da80 in /lib64/libc.so.6
1 0x414764 in eapol_sm_destroy() at eapol.c:673
2 0x42e402 in ap_sta_free() at ap.c:97
3 0x439dbe in l_queue_clear() at /home/parallels/wrk/iwd/ell/queue.c:109
4 0x439e09 in l_queue_destroy() at /home/parallels/wrk/iwd/ell/queue.c:83
5 0x42e4bf in ap_reset() at ap.c:132
6 0x42e519 in ap_free() at ap.c:147
7 0x447456 in interface_instance_free() at /home/parallels/wrk/iwd/ell/dbus-service.c:513
8 0x449be0 in _dbus_object_tree_remove_interface() at /home/parallels/wrk/iwd/ell/dbus-service.c:1595
9 0x449ced in _dbus_object_tree_object_destroy() at /home/parallels/wrk/iwd/ell/dbus-service.c:787
10 0x40fb8c in device_free() at device.c:2717
11 0x405cdb in netdev_free() at netdev.c:605
12 0x439dbe in l_queue_clear() at /home/parallels/wrk/iwd/ell/queue.c:109
13 0x439e09 in l_queue_destroy() at /home/parallels/wrk/iwd/ell/queue.c:83
14 0x40aac2 in netdev_shutdown() at netdev.c:4483
15 0x403b75 in iwd_shutdown() at main.c:80
16 0x43d9f3 in signal_callback() at /home/parallels/wrk/iwd/ell/signal.c:83
17 0x43d4ee in l_main_iterate() at /home/parallels/wrk/iwd/ell/main.c:376
18 0x43d5ac in l_main_run() at /home/parallels/wrk/iwd/ell/main.c:419
19 0x40379b in main() at main.c:454
20 0x7fb6cd36788a in /lib64/libc.so.6
---
 src/adhoc.c | 6 ++++--
 src/ap.c | 7 +++++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/adhoc.c b/src/adhoc.c
index fb671758..cabd507a 100644
--- a/src/adhoc.c
+++ b/src/adhoc.c
@@ -74,12 +74,14 @@ static void adhoc_sta_free(void *data)
 	if (sta->sm)
 		eapol_sm_free(sta->sm);
 
-	handshake_state_free(sta->hs_sta);
+	if (sta->hs_sta)
+		handshake_state_free(sta->hs_sta);
 
 	if (sta->sm_a)
 		eapol_sm_free(sta->sm_a);
 
-	handshake_state_free(sta->hs_auth);
+	if (sta->hs_auth)
+		handshake_state_free(sta->hs_auth);
 
 end:
 	l_free(sta);
diff --git a/src/ap.c b/src/ap.c
index 4d73b8e4..1af67201 100644
--- a/src/ap.c
+++ b/src/ap.c
@@ -93,8 +93,11 @@ static void ap_sta_free(void *data)
 	if (sta->assoc_resp_cmd_id)
 		l_genl_family_cancel(nl80211, sta->assoc_resp_cmd_id);
 
-	eapol_sm_free(sta->sm);
-	handshake_state_free(sta->hs);
+	if (sta->sm)
+		eapol_sm_free(sta->sm);
+
+	if (sta->hs)
+		handshake_state_free(sta->hs);
 
 	l_free(sta);
 }
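Review bot: The NULL guards are placed at the call sites, so the crash the backtrace shows (frame 1, eapol_sm_destroy() reached from ap_sta_free()) is fixed only for these two destructors, and any other teardown path that frees a station before its sm or handshake object was allocated still hits it. Making eapol_sm_free() and handshake_state_free() tolerate a NULL argument, the way l_free() and free() do, would cover every caller and let both hunks drop the added `if (...)` lines again; the same point applies to the ap_sta_free hunk in src/ap.c, which gets the identical pair of guards. If the call-site guards are kept, a one-line comment above the first one, `/* sm/hs are only allocated once the handshake starts, so may be NULL here */`, would tell a future reader why these frees are conditional; I am inferring that allocation timing from the guards themselves, so confirm it against the setup code. adhoc_sta_free starts outside the hunk (the `end:` label implies an earlier goto), so the early-exit path on which these fields stay NULL cannot be checked here.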