From 4f4a52c3cc0f617281297930f9278e783b9e96da Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Mon, 22 Jun 2020 20:00:31 +0300 Subject: [PATCH] DPP: Clear bootstrap entries only after clearing authentication state This fixes an issue where the pending authentication might have held a reference to auth->tmp_peer_bi and dpp_auth_deinit() would try to free that bootstrapping entry. This needs to happen before the call to dpp_global_clear() to avoid double-removal of the bootstrapping entry from the list. Signed-off-by: Jouni Malinen --- wpa_supplicant/dpp_supplicant.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c index 2d56b2f9d..0cda38542 100644 --- a/wpa_supplicant/dpp_supplicant.c +++ b/wpa_supplicant/dpp_supplicant.c @@ -3260,7 +3260,6 @@ void wpas_dpp_deinit(struct wpa_supplicant *wpa_s) #endif /* CONFIG_TESTING_OPTIONS */ if (!wpa_s->dpp) return; - dpp_global_clear(wpa_s->dpp); eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL); eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL); eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL); @@ -3284,6 +3283,7 @@ void wpas_dpp_deinit(struct wpa_supplicant *wpa_s) os_memset(wpa_s->dpp_intro_bssid, 0, ETH_ALEN); os_free(wpa_s->dpp_configurator_params); wpa_s->dpp_configurator_params = NULL; + dpp_global_clear(wpa_s->dpp); }