Clear WPA and EAPOL state machine config pointer on network removal
Make sure that the WPA and EAPOL state machines do not hold a pointer to a network configuration that is about to be freed. This can fix potential issues with references to freed memory.
This commit is contained in:
parent
567afddb69
commit
20a0b03deb
3 changed files with 19 additions and 2 deletions
|
@ -1393,6 +1393,8 @@ static int wpa_supplicant_ctrl_iface_remove_network(
|
||||||
}
|
}
|
||||||
if (wpa_s->current_ssid) {
|
if (wpa_s->current_ssid) {
|
||||||
eapol_sm_invalidate_cached_session(wpa_s->eapol);
|
eapol_sm_invalidate_cached_session(wpa_s->eapol);
|
||||||
|
wpa_sm_set_config(wpa_s->wpa, NULL);
|
||||||
|
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
|
||||||
wpa_supplicant_disassociate(wpa_s,
|
wpa_supplicant_disassociate(wpa_s,
|
||||||
WLAN_REASON_DEAUTH_LEAVING);
|
WLAN_REASON_DEAUTH_LEAVING);
|
||||||
}
|
}
|
||||||
|
@ -1416,6 +1418,8 @@ static int wpa_supplicant_ctrl_iface_remove_network(
|
||||||
* removed.
|
* removed.
|
||||||
*/
|
*/
|
||||||
eapol_sm_invalidate_cached_session(wpa_s->eapol);
|
eapol_sm_invalidate_cached_session(wpa_s->eapol);
|
||||||
|
wpa_sm_set_config(wpa_s->wpa, NULL);
|
||||||
|
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
|
||||||
|
|
||||||
wpa_supplicant_disassociate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
|
wpa_supplicant_disassociate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,6 +23,8 @@
|
||||||
#include "p2p/p2p.h"
|
#include "p2p/p2p.h"
|
||||||
#include "ap/hostapd.h"
|
#include "ap/hostapd.h"
|
||||||
#include "ap/p2p_hostapd.h"
|
#include "ap/p2p_hostapd.h"
|
||||||
|
#include "eapol_supp/eapol_supp_sm.h"
|
||||||
|
#include "rsn_supp/wpa.h"
|
||||||
#include "wpa_supplicant_i.h"
|
#include "wpa_supplicant_i.h"
|
||||||
#include "driver_i.h"
|
#include "driver_i.h"
|
||||||
#include "ap.h"
|
#include "ap.h"
|
||||||
|
@ -293,8 +295,11 @@ static void wpas_p2p_group_delete(struct wpa_supplicant *wpa_s)
|
||||||
ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION ||
|
ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION ||
|
||||||
(ssid->key_mgmt & WPA_KEY_MGMT_WPS))) {
|
(ssid->key_mgmt & WPA_KEY_MGMT_WPS))) {
|
||||||
int id = ssid->id;
|
int id = ssid->id;
|
||||||
if (ssid == wpa_s->current_ssid)
|
if (ssid == wpa_s->current_ssid) {
|
||||||
|
wpa_sm_set_config(wpa_s->wpa, NULL);
|
||||||
|
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
|
||||||
wpa_s->current_ssid = NULL;
|
wpa_s->current_ssid = NULL;
|
||||||
|
}
|
||||||
/*
|
/*
|
||||||
* Networks objects created during any P2P activities are not
|
* Networks objects created during any P2P activities are not
|
||||||
* exposed out as they might/will confuse certain non-P2P aware
|
* exposed out as they might/will confuse certain non-P2P aware
|
||||||
|
|
|
@ -24,6 +24,7 @@
|
||||||
#include "common/wpa_ctrl.h"
|
#include "common/wpa_ctrl.h"
|
||||||
#include "eap_common/eap_wsc_common.h"
|
#include "eap_common/eap_wsc_common.h"
|
||||||
#include "eap_peer/eap.h"
|
#include "eap_peer/eap.h"
|
||||||
|
#include "eapol_supp/eapol_supp_sm.h"
|
||||||
#include "rsn_supp/wpa.h"
|
#include "rsn_supp/wpa.h"
|
||||||
#include "config.h"
|
#include "config.h"
|
||||||
#include "wpa_supplicant_i.h"
|
#include "wpa_supplicant_i.h"
|
||||||
|
@ -673,7 +674,9 @@ enum wps_request_type wpas_wps_get_req_type(struct wpa_ssid *ssid)
|
||||||
static void wpas_clear_wps(struct wpa_supplicant *wpa_s)
|
static void wpas_clear_wps(struct wpa_supplicant *wpa_s)
|
||||||
{
|
{
|
||||||
int id;
|
int id;
|
||||||
struct wpa_ssid *ssid, *remove_ssid = NULL;
|
struct wpa_ssid *ssid, *remove_ssid = NULL, *prev_current;
|
||||||
|
|
||||||
|
prev_current = wpa_s->current_ssid;
|
||||||
|
|
||||||
eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL);
|
eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL);
|
||||||
|
|
||||||
|
@ -692,6 +695,11 @@ static void wpas_clear_wps(struct wpa_supplicant *wpa_s)
|
||||||
id = -1;
|
id = -1;
|
||||||
ssid = ssid->next;
|
ssid = ssid->next;
|
||||||
if (id >= 0) {
|
if (id >= 0) {
|
||||||
|
if (prev_current == remove_ssid) {
|
||||||
|
wpa_sm_set_config(wpa_s->wpa, NULL);
|
||||||
|
eapol_sm_notify_config(wpa_s->eapol, NULL,
|
||||||
|
NULL);
|
||||||
|
}
|
||||||
wpas_notify_network_removed(wpa_s, remove_ssid);
|
wpas_notify_network_removed(wpa_s, remove_ssid);
|
||||||
wpa_config_remove_network(wpa_s->conf, id);
|
wpa_config_remove_network(wpa_s->conf, id);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue