Fix REMOVE_NETWORK to not run operations with invalid current_ssid

If the REMOVE_NETWORK command is used to delete the currently connected network, some operations were run between removing the network and clearing of wpa_s->current_ssid. This left wpa_s->current_ssid pointing to freed memory and should any operation end up using it before the pointer gets cleared, freed memory could be references. Avoid this by removing the network only after having completed the operations that clear wpa_s->current_ssid. Signed-hostap: Deepthi Gowri <deepthi@codeaurora.org> intended-for: hostap-1
2012-09-03 11:55:38 +03:00 · 2012-09-03 11:55:38 +03:00 · 59ff6653aa
parent 7ff833674b
commit 59ff6653aa
1 changed files with 7 additions and 2 deletions
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@ -1861,8 +1861,7 @@ static int wpa_supplicant_ctrl_iface_remove_network(
 	ssid = wpa_config_get_network(wpa_s->conf, id);
 	if (ssid)
 		wpas_notify_network_removed(wpa_s, ssid);
-	if (ssid == NULL ||
-	    wpa_config_remove_network(wpa_s->conf, id) < 0) {
+	if (ssid == NULL) {
 		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find network "
 			   "id=%d", id);
 		return -1;
@ -1886,6 +1885,12 @@ static int wpa_supplicant_ctrl_iface_remove_network(
 		wpa_supplicant_disassociate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
 	}

+	if (wpa_config_remove_network(wpa_s->conf, id) < 0) {
+		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Not able to remove the "
+			   "network id=%d", id);
+		return -1;
+	}
+
 	return 0;
 }