From 5516ed32c511aa36b8767fd499585478dc59afd3 Mon Sep 17 00:00:00 2001
From: Eduardo Abinader <eduardo.abinader@openbossa.org>
Date: Wed, 14 May 2014 09:08:47 -0400
Subject: [PATCH] WPS: Deinit before wpas_p2p_disconnect()

When there is a pending WPS negotiation for P2P and signal interrupt is
triggered, invalid read occurs in wpas_wps_terminate_pending() if
wpas_p2p_disconnect() removed the interface. Inverting deinit order
solves the issue.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
---
 wpa_supplicant/wpa_supplicant.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index e38e3e070..2b253ac17 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -751,13 +751,13 @@ void wpa_supplicant_terminate_proc(struct wpa_global *global)
 	struct wpa_supplicant *wpa_s = global->ifaces;
 	while (wpa_s) {
 		struct wpa_supplicant *next = wpa_s->next;
+		if (wpas_wps_terminate_pending(wpa_s) == 1)
+			pending = 1;
 #ifdef CONFIG_P2P
 		if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
 		    (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
 			wpas_p2p_disconnect(wpa_s);
 #endif /* CONFIG_P2P */
-		if (wpas_wps_terminate_pending(wpa_s) == 1)
-			pending = 1;
 		wpa_s = next;
 	}
 #endif /* CONFIG_WPS */