aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/bss.c
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2012-09-10 10:33:29 (GMT)
committerJouni Malinen <j@w1.fi>2012-09-10 10:36:55 (GMT)
commit762b99db7a76803d1ad274e87caa6fe870d47441 (patch)
tree48b926ce1f9aaf523c0bdd6ccc811889dc19e9c4 /wpa_supplicant/bss.c
parente88f0901ebfeac3cd07b8408c880bb4d8c3dbdb9 (diff)
downloadhostap-762b99db7a76803d1ad274e87caa6fe870d47441.zip
hostap-762b99db7a76803d1ad274e87caa6fe870d47441.tar.gz
hostap-762b99db7a76803d1ad274e87caa6fe870d47441.tar.bz2
Fix last_scan_res update existing BSS entry is update
The BSS pointer may change if the entry needs to be reallocated and the new pointer has to be added to the last_scan_res array to avoid using pointers to freed memory. Signed-hostap: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'wpa_supplicant/bss.c')
-rw-r--r--wpa_supplicant/bss.c16
1 files changed, 13 insertions, 3 deletions
diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
index af2033f..6223beb 100644
--- a/wpa_supplicant/bss.c
+++ b/wpa_supplicant/bss.c
@@ -391,8 +391,9 @@ static void notify_bss_changes(struct wpa_supplicant *wpa_s, u32 changes,
}
-static void wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
- struct wpa_scan_res *res)
+static struct wpa_bss *
+wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
+ struct wpa_scan_res *res)
{
u32 changes;
@@ -414,6 +415,13 @@ static void wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
nbss = os_realloc(bss, sizeof(*bss) + res->ie_len +
res->beacon_ie_len);
if (nbss) {
+ unsigned int i;
+ for (i = 0; i < wpa_s->last_scan_res_used; i++) {
+ if (wpa_s->last_scan_res[i] == bss) {
+ wpa_s->last_scan_res[i] = nbss;
+ break;
+ }
+ }
if (wpa_s->current_bss == bss)
wpa_s->current_bss = nbss;
bss = nbss;
@@ -429,6 +437,8 @@ static void wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
dl_list_add_tail(&wpa_s->bss, &bss->list);
notify_bss_changes(wpa_s, changes, bss);
+
+ return bss;
}
@@ -482,7 +492,7 @@ void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s,
if (bss == NULL)
bss = wpa_bss_add(wpa_s, ssid + 2, ssid[1], res);
else
- wpa_bss_update(wpa_s, bss, res);
+ bss = wpa_bss_update(wpa_s, bss, res);
if (bss == NULL)
return;