authorCy Schubert <cy@FreeBSD.org>2023-04-06 04:07:15 +0000
committerCy Schubert <cy@FreeBSD.org>2023-04-09 03:52:27 +0000
commit264e0365e8d8e491d1205f4b6489efca2d563eed (patch)
treee2e549ad3609f7cc414e731289f27ba20587c153
parente18df856ef9a87339f179faafac2219335245662 (diff)
wpa_supplicant/hostapd: Fix uninitialized packet pointer on error
The packet pointer (called packet) will remain uninitialized when pcap_next_ex() returns an error. This occurs when the wlan interface is shut down using ifconfig destroy. Adding a NULL assignment to packet duplicates what pcap_next() does. The reason we use pcap_next_ex() in this instance is that pcap_next() returns a null pointer both when there was an error and when no packets were read. With pcap_next_ex() we can differentiate between an error and legitimately receiving no packets. PR: 270649 Reported by: Robert Morris <rtm@lcs.mit.edu> Fixes: 6e5d01124fd4 (cherry picked from commit 953efa5b200f060564a090ab71b3d7f614a35e3f)
-rw-r--r--contrib/wpa/src/l2_packet/l2_packet_freebsd.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/contrib/wpa/src/l2_packet/l2_packet_freebsd.c b/contrib/wpa/src/l2_packet/l2_packet_freebsd.c
index 0461758ff210..7b96bd033c87 100644
--- a/contrib/wpa/src/l2_packet/l2_packet_freebsd.c
+++ b/contrib/wpa/src/l2_packet/l2_packet_freebsd.c
@@ -85,6 +85,7 @@ static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx)
if (pcap_next_ex(pcap, &hdr, &packet) == -1) {
wpa_printf(MSG_ERROR, "Error reading packet, has device disappeared?");
+ packet = NULL;
eloop_terminate();
}
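Review bot: The `packet = NULL;` added inside the `== -1` branch covers only the error return; pcap_next_ex() is also documented to return 0 when no packet arrived before the timeout, and it is not guaranteed to store anything through the packet pointer in that case either. If the declaration (outside this hunk) has no initializer, as the commit message implies, that path still leaves `packet` indeterminate for the code that follows the block. Assigning `packet = NULL;` immediately before the `pcap_next_ex()` call, or treating any return value other than 1 as "no packet", would cover every non-success return. l2_packet_receive() starts and continues outside the hunk, so the later uses of `packet` and `hdr` cannot be checked from here.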