From 7365e8f1bb5eb4c4fc6b8a03e0f7bed2c7b7b523 Mon Sep 17 00:00:00 2001
From: Felix Fietkau
Date: Wed, 13 Sep 2023 17:07:17 +0200
Subject: [PATCH 1/3] hostapd: do not modify hapd->started when stopping an AP
It can cause cleanup to be skipped on wifi restart, which can lead to use-after-free bugs
Signed-off-by: Felix Fietkau
---
 package/network/services/hostapd/src/src/ap/ucode.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/package/network/services/hostapd/src/src/ap/ucode.c b/package/network/services/hostapd/src/src/ap/ucode.c
index 849f8028e6f..3dc122b7c27 100644
--- a/package/network/services/hostapd/src/src/ap/ucode.c
+++ b/package/network/services/hostapd/src/src/ap/ucode.c
@@ -394,7 +394,7 @@ uc_hostapd_iface_stop(uc_vm_t *vm, size_t nargs)
 struct hostapd_data *hapd = iface->bss[i];
 hostapd_drv_stop_ap(hapd);
- hapd->started = 0;
+ hapd->beacon_set_done = 0;
 }
 }
@@ -471,7 +471,6 @@ out:
 struct hostapd_data *hapd = iface->bss[i];
 int ret;
- hapd->started = 1;
 hapd->conf->start_disabled = 0;
 hostapd_set_freq(hapd, conf->hw_mode, iface->freq, conf->channel,
From 02b4dc93b61ab01c5a535b1a5440f732d6931dca Mon Sep 17 00:00:00 2001
From: Felix Fietkau
Date: Wed, 13 Sep 2023 11:00:53 +0200
Subject: [PATCH 2/3] mac80211: only add the mbssid option to the config when set
This avoids errors when the feature is not built into the hostapd binary
Signed-off-by: Felix Fietkau
---
 .../kernel/mac80211/files/lib/netifd/wireless/mac80211.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh b/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh
index 7d3ab4dc01b..860609305f4 100644
--- a/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh
+++ b/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh
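Review bot: In the first ucode.c hunk of patch 1/3 (the stop loop of uc_hostapd_iface_stop), nothing in the code records why `hapd->started` must stay untouched, so the assignment could easily be reintroduced later. The commit message ties clearing it to skipped cleanup on wifi restart and use-after-free bugs, which deserves a comment next to the new line, for example `/* do not clear hapd->started: cleanup on wifi restart is skipped without it; only reset the beacon state */`. The return value of `hostapd_drv_stop_ap(hapd)` is also ignored before `beacon_set_done` is reset; if that call can fail, logging the failure would help diagnose an AP that is still beaconing. The function body starts and ends outside the hunk.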
@@ -488,7 +488,7 @@ ${channel:+channel=$channel}
 ${channel_list:+chanlist=$channel_list}
 ${hostapd_noscan:+noscan=1}
 ${tx_burst:+tx_queue_data2_burst=$tx_burst}
-mbssid=$multiple_bssid
+${multiple_bssid:+mbssid=$multiple_bssid}
 #num_global_macaddr=$num_global_macaddr
 $base_cfg
@@ -537,7 +537,7 @@ mac80211_generate_mac() {
 local phy="$1"
 local id="${macidx:-0}"
- wdev_tool "$phy" get_macaddr id=$id num_global=$num_global_macaddr mbssid=$multiple_bssid
+ wdev_tool "$phy" get_macaddr id=$id num_global=$num_global_macaddr mbssid=${multiple_bssid:-0}
 }
 get_board_phy_name() (
@@ -1049,7 +1049,7 @@ drv_mac80211_setup() {
 txpower \
 rxantenna txantenna \
 frag rts beacon_int:100 htmode \
- num_global_macaddr:1 multiple_bssid:0
+ num_global_macaddr:1 multiple_bssid
 json_get_values basic_rate_list basic_rate
 json_get_values scan_list scan_list
 json_select ..
From 6cf27094e9209250dbd45f8b042530c3b23f0a42 Mon Sep 17 00:00:00 2001
From: Felix Fietkau
Date: Wed, 13 Sep 2023 22:57:47 +0200
Subject: [PATCH 3/3] hostapd: add missing return statement
Avoids crash due to uninitialized stack/register garbage
Signed-off-by: Felix Fietkau
---
 package/network/services/hostapd/src/src/ap/ucode.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/package/network/services/hostapd/src/src/ap/ucode.c b/package/network/services/hostapd/src/src/ap/ucode.c
index 3dc122b7c27..ba081d87c2d 100644
--- a/package/network/services/hostapd/src/src/ap/ucode.c
+++ b/package/network/services/hostapd/src/src/ap/ucode.c
@@ -396,6 +396,8 @@ uc_hostapd_iface_stop(uc_vm_t *vm, size_t nargs)
 hostapd_drv_stop_ap(hapd);
 hapd->beacon_set_done = 0;
 }
+
+ return NULL;
 }
 static uc_value_t *
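Review bot: In the heredoc hunk at line 488 of mac80211.sh, `${multiple_bssid:+mbssid=$multiple_bssid}` still writes `mbssid=0` when the option is explicitly set to 0, because `:+` only tests for a non-empty value; a hostapd binary built without the feature would presumably reject that line just as before. If an explicit 0 should be harmless, clear it ahead of the heredoc, e.g. `[ "$multiple_bssid" = 0 ] && multiple_bssid=`. The third hunk drops the `:0` default from the variable list (presumably a `json_get_vars` call that starts outside it), so any other use of `$multiple_bssid` outside these hunks that expects a number now sees an empty string and needs the same `${multiple_bssid:-0}` treatment the `wdev_tool` call gets.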
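Review bot: Nothing stops the missing-return bug fixed at the end of uc_hostapd_iface_stop (patch 3/3) from recurring in another binding that returns a pointer, which is what this function appears to do. Consider compiling this source with `-Werror=return-type` so that falling off the end of a non-void function fails the build instead of handing the caller an indeterminate value. It is also worth checking the other functions in ucode.c for the same pattern; they are outside this hunk, as is the start of this function.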