aboutsummaryrefslogtreecommitdiffstats
path: root/src/rsn_supp/preauth.c
diff options
context:
space:
mode:
authorDaniel Gryniewicz <dang@gentoo.org>2010-08-14 16:01:14 (GMT)
committerJouni Malinen <j@w1.fi>2010-08-14 16:01:14 (GMT)
commit6c78ae1443f8bf80f290d9672e0510d4b248aa57 (patch)
tree4108c76952c733078191a5ed8c921c53e903668c /src/rsn_supp/preauth.c
parentba2d0d7d68fbf6fbecde14686f515a0545630d19 (diff)
downloadhostap-6c78ae1443f8bf80f290d9672e0510d4b248aa57.zip
hostap-6c78ae1443f8bf80f290d9672e0510d4b248aa57.tar.gz
hostap-6c78ae1443f8bf80f290d9672e0510d4b248aa57.tar.bz2
Fix RSN preauth candidate list clearing to avoid segfaults
Commit c5b26e33c1829c62c3b5872865ca202f6c42436e broke the processing of the candidate list entries when an old entry was either removed or reused. The entry needs to be removed from the list to avoid leaving pointers to freed memory. http://bugs.gentoo.org/show_bug.cgi?id=330085 http://w1.fi/bugz/show_bug.cgi?id=372
Diffstat (limited to 'src/rsn_supp/preauth.c')
-rw-r--r--src/rsn_supp/preauth.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/rsn_supp/preauth.c b/src/rsn_supp/preauth.c
index f3a0681..6109f5e 100644
--- a/src/rsn_supp/preauth.c
+++ b/src/rsn_supp/preauth.c
@@ -49,8 +49,10 @@ void pmksa_candidate_free(struct wpa_sm *sm)
return;
dl_list_for_each_safe(entry, n, &sm->pmksa_candidates,
- struct rsn_pmksa_candidate, list)
+ struct rsn_pmksa_candidate, list) {
+ dl_list_del(&entry->list);
os_free(entry);
+ }
}
@@ -378,6 +380,7 @@ void pmksa_candidate_add(struct wpa_sm *sm, const u8 *bssid,
}
if (cand) {
+ dl_list_del(&cand->list);
if (prio < PMKID_CANDIDATE_PRIO_SCAN)
cand->priority = prio;
} else {