From 25b65a142dec4770a79f7a17867f0db93111f843 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Fri, 27 Sep 2013 16:00:50 +0300
Subject: [PATCH] Make sure updated BSS entry does not get added twice to the list

When the BSS table is being updated based on new scan results, a BSS entry could end up getting added into last_scan_res list multiple times if the scan results from the driver includes duplicated values. This should not happen with driver_nl80211.c since it filter outs duplicates, but in theory, other driver wrappers could indicate such scan results. Anyway, it is safer to make sure this cannot happen by explicitly verifying the last_scan_res list before adding an updated BSS entry there. A duplicated entry in the list could potentially result in freed memory being used if there is large enough number of BSSes in the scan results to cause removal of old BSS entries.

Signed-hostap: Jouni Malinen
---
 wpa_supplicant/bss.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
index 67a9f97de..7d9bac5d3 100644
--- a/wpa_supplicant/bss.c
+++ b/wpa_supplicant/bss.c
@@ -625,8 +625,18 @@ void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s,
 bss = wpa_bss_get(wpa_s, res->bssid, ssid + 2, ssid[1]);
 if (bss == NULL)
 bss = wpa_bss_add(wpa_s, ssid + 2, ssid[1], res, fetch_time);
- else
+ else {
 bss = wpa_bss_update(wpa_s, bss, res, fetch_time);
+ if (wpa_s->last_scan_res) {
+ unsigned int i;
+ for (i = 0; i < wpa_s->last_scan_res_used; i++) {
+ if (bss == wpa_s->last_scan_res[i]) {
+ /* Already in the list */
+ return;
+ }
+ }
+ }
+ }
 if (bss == NULL)
 return;
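Review bot: The early `return` inside the new loop drops a duplicated scan result silently, and the `/* Already in the list */` comment does not record that this is a memory-safety invariant rather than a tidy-up. Per the commit message a duplicate in `last_scan_res` could lead to freed memory being used, so the comment should say so, e.g. `/* Keep each BSS in last_scan_res at most once; a duplicate could leave a stale pointer after old entries are removed */`. A debug message before the return, such as `wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Duplicate scan result ignored");`, would also make a driver wrapper that reports duplicates visible in logs. The scan sits ahead of the `if (bss == NULL)` check that follows, so it also walks the whole list when `wpa_bss_update()` fails (assuming it can return NULL); wpa_bss_update_scan_res starts and ends outside the hunk.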