Fix hostapd segfault on beacon hint event

Commit 795baf773f6d53bae3cfae4df6edda63e5022344 ('hostapd: Filter
channel list updated events after country code change') uses the
EVENT_CHANNEL_LIST_CHANGED data pointer, but it updated only one of the
callers to provide that data. NL80211_CMD_REG_BEACON_HINT event was
still sending the event without the initiator data and resulted in NULL
pointer dereference, e.g., if a scan was run while hostapd was running
and the driver was in world roaming state and enabled a channel for
active scans.

CRs-Fixed: 662554
Git-commit: 8597ebdbd44dd4dfb680a17a1d71c183377a0223
Git-repo : git://w1.fi/srv/git/hostap.git
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Change-Id: I947dc781166a627c8f80b08d43c094fe34a49279

2 files changed, 4 insertions, 1 deletions

diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index ccbcab6e..c48339d6 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -42,6 +42,7 @@ enum reg_change_initiator {
 	REGDOM_SET_BY_USER,
 	REGDOM_SET_BY_DRIVER,
 	REGDOM_SET_BY_COUNTRY_IE,
+	REGDOM_BEACON_HINT,
 };
 
 /**
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index a98a3cd4..e221f657 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -2850,8 +2850,10 @@ static void do_process_drv_event(struct i802_bss *bss, int cmd,
 		break;
 	case NL80211_CMD_REG_BEACON_HINT:
 		wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint");
+		os_memset(&data, 0, sizeof(data));
+		data.channel_list_changed.initiator = REGDOM_BEACON_HINT;
 		wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
-				     NULL);
+				     &data);
 		break;
 	case NL80211_CMD_NEW_STATION:
 		nl80211_new_station_event(drv, tb);