Clear hostapd bss entry to NULL on add-interface-failure

It looks like leaving behind the freed pointed at the end of the array
could end up in a crash triggered by double free in some cases.

Signed-off-by: Jouni Malinen <j@w1.fi>

src/ap/hostapd.c

@@ -1807,6 +1807,7 @@ int hostapd_add_iface(struct hapd_interfaces *interfaces, char *buf)
 			if (start_ctrl_iface_bss(hapd) < 0 ||
 			    (hapd_iface->state == HAPD_IFACE_ENABLED &&
 			     hostapd_setup_bss(hapd, -1))) {
+				hapd_iface->bss[hapd_iface->num_bss - 1] = NULL;
 				hapd_iface->conf->num_bss--;
 				hapd_iface->num_bss--;
 				wpa_printf(MSG_DEBUG, "%s: free hapd %p %s",