aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/bss.c
diff options
context:
space:
mode:
authorEliad Peller <eliad@wizery.com>2012-03-05 15:09:55 (GMT)
committerJouni Malinen <j@w1.fi>2012-03-05 15:09:55 (GMT)
commiteb37e085a4c17a7ebdf258d480c5f2c8a2ac7f08 (patch)
tree0563d2ae5e9e6e8b76cabe6c0a0fe62e596781db /wpa_supplicant/bss.c
parente19467e1618854c0ebf4bb847fb38ad9cebbe083 (diff)
downloadhostap-eb37e085a4c17a7ebdf258d480c5f2c8a2ac7f08.zip
hostap-eb37e085a4c17a7ebdf258d480c5f2c8a2ac7f08.tar.gz
hostap-eb37e085a4c17a7ebdf258d480c5f2c8a2ac7f08.tar.bz2
BSS: Fix use-after-realloc
After reallocation of the bss struct, current_bss wasn't updated and could hold an invalid pointer (which might get dereferenced later). Update current_bss if the pointer was changed. Signed-hostap: Eliad Peller <eliad@wizery.com> intended-for: hostap-1
Diffstat (limited to 'wpa_supplicant/bss.c')
-rw-r--r--wpa_supplicant/bss.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
index 2a5bb85..b79510e 100644
--- a/wpa_supplicant/bss.c
+++ b/wpa_supplicant/bss.c
@@ -328,6 +328,8 @@ static void wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
nbss = os_realloc(bss, sizeof(*bss) + res->ie_len +
res->beacon_ie_len);
if (nbss) {
+ if (wpa_s->current_bss == bss)
+ wpa_s->current_bss = nbss;
bss = nbss;
os_memcpy(bss + 1, res + 1,
res->ie_len + res->beacon_ie_len);