authorJouni Malinen <jouni@qca.qualcomm.com>2011-06-27 16:02:24 (GMT)
committerJouni Malinen <j@w1.fi>2011-06-27 16:02:24 (GMT)
commit20a0b03debef66cc57b0c34a05f8be5229be907c (patch)
treed0cf862cb95fee56aedbf346e784ae51936a0128 /wpa_supplicant/wps_supplicant.c
parent567afddb69a84aa144a87e27ad94baa40967d964 (diff)
Clear WPA and EAPOL state machine config pointer on network removal
Make sure that the WPA and EAPOL state machines do not hold a pointer to a network configuration that is about to be freed. This can fix potential issues with references to freed memory.
Diffstat (limited to 'wpa_supplicant/wps_supplicant.c')
-rw-r--r--wpa_supplicant/wps_supplicant.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c
index b75c6ef..e3388bd 100644
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
@@ -24,6 +24,7 @@
#include "common/wpa_ctrl.h"
#include "eap_common/eap_wsc_common.h"
#include "eap_peer/eap.h"
+#include "eapol_supp/eapol_supp_sm.h"
#include "rsn_supp/wpa.h"
#include "config.h"
#include "wpa_supplicant_i.h"
@@ -673,7 +674,9 @@ enum wps_request_type wpas_wps_get_req_type(struct wpa_ssid *ssid)
static void wpas_clear_wps(struct wpa_supplicant *wpa_s)
{
int id;
- struct wpa_ssid *ssid, *remove_ssid = NULL;
+ struct wpa_ssid *ssid, *remove_ssid = NULL, *prev_current;
+
+ prev_current = wpa_s->current_ssid;
eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL);
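Review bot: The snapshot `prev_current = wpa_s->current_ssid;` at the top of wpas_clear_wps() has no comment explaining why the later check cannot read `wpa_s->current_ssid` directly. Presumably the field is reset inside the loop before the removal branch runs, but that code is outside this hunk. A one-line comment would keep a later cleanup from "simplifying" the snapshot away and reintroducing the stale reference, for example `/* Save the active network now; current_ssid may be cleared before the removal check below */`. The function body continues past the end of the hunk.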
@@ -692,6 +695,11 @@ static void wpas_clear_wps(struct wpa_supplicant *wpa_s)
id = -1;
ssid = ssid->next;
if (id >= 0) {
+ if (prev_current == remove_ssid) {
+ wpa_sm_set_config(wpa_s->wpa, NULL);
+ eapol_sm_notify_config(wpa_s->eapol, NULL,
+ NULL);
+ }
wpas_notify_network_removed(wpa_s, remove_ssid);
wpa_config_remove_network(wpa_s->conf, id);
}
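Review bot: `prev_current` still holds the address of the removed entry after `wpa_config_remove_network(wpa_s->conf, id);`, and the enclosing loop (which starts outside this hunk) compares it against `remove_ssid` again on later iterations. Going by the commit message the entry is freed at that point, so the local becomes a dangling pointer of the same kind this change removes from the state machines. Adding `prev_current = NULL;` inside the new `if (prev_current == remove_ssid)` block, after the two config-clearing calls, avoids that. The block also deserves a comment stating the ordering requirement, such as `/* Drop state machine references before the network entry is freed */`, since the fix depends on these calls running before `wpa_config_remove_network()`.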