From 153d4c501a8231604dd8b98514924f2698c5449e Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Mon, 15 Apr 2019 21:57:58 +0300
Subject: [PATCH] mesh: Fix SAE reauthentication processing

ap_free_sta() frees the sta entry, so sta->addr cannot be used after that call. Fix the sequence of these two calls to avoid use of freed memory to determine which PMKSA cache entry to remove.

Fixes: 9f2cf23e2e0d ("mesh: Add support for PMKSA caching")
Signed-off-by: Jouni Malinen
---
 src/ap/ieee802_11.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index a8a83795e..ebcdbc5cf 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -896,8 +896,8 @@ static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta,
 wpa_printf(MSG_DEBUG, "SAE: remove the STA (" MACSTR
 ") doing reauthentication",
 MAC2STR(sta->addr));
- ap_free_sta(hapd, sta);
 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
+ ap_free_sta(hapd, sta);
 } else if (auth_transaction == 1) {
 wpa_printf(MSG_DEBUG, "SAE: Start reauthentication");
 ret = auth_sae_send_commit(hapd, sta, bssid, 1);
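Review bot: After the reordered `ap_free_sta(hapd, sta);` the `sta` pointer is dangling, and nothing visible in this branch tells the rest of sae_sm_step() or its caller that the entry is gone, so any later dereference would be the same class of use of freed memory that this commit fixes for `sta->addr`. The function body and its callers lie outside the hunk, so this has to be checked there: code that runs after this branch must not touch `sta`, and the caller probably needs an explicit signal (a distinct return value or an out-parameter) that the STA was removed. At minimum, add a comment directly after the call, such as `/* sta has been freed; it must not be used after this point */`, so the ordering constraint is not broken again by a later edit.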