P2P: Fix wpa_supplicant crash on P2P WPS PBC overlap case
Once PBC overlap detected when using dynamic group interfaces, the wpa_s corresponding to P2P group interface is freed. This patch avoids accessing the wpa_s data structure after it is freed. This fixes a possible crash in P2P client role in such a case.
This commit is contained in:
Jithu Jance
Jouni Malinen
parent
acc247b260
commit
5cbd88d921
2 changed files with 16 additions and 10 deletions
|
|
@ -819,22 +819,22 @@ static void wpa_supplicant_req_new_scan(struct wpa_supplicant *wpa_s,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
|
int wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
|
||||||
struct wpa_bss *selected,
|
struct wpa_bss *selected,
|
||||||
struct wpa_ssid *ssid)
|
struct wpa_ssid *ssid)
|
||||||
{
|
{
|
||||||
if (wpas_wps_scan_pbc_overlap(wpa_s, selected, ssid)) {
|
if (wpas_wps_scan_pbc_overlap(wpa_s, selected, ssid)) {
|
||||||
wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_OVERLAP
|
wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_OVERLAP
|
||||||
"PBC session overlap");
|
"PBC session overlap");
|
||||||
#ifdef CONFIG_P2P
|
#ifdef CONFIG_P2P
|
||||||
if (wpas_p2p_notif_pbc_overlap(wpa_s) == 1)
|
if (wpas_p2p_notif_pbc_overlap(wpa_s) == 1)
|
||||||
return;
|
return -1;
|
||||||
#endif /* CONFIG_P2P */
|
#endif /* CONFIG_P2P */
|
||||||
|
|
||||||
#ifdef CONFIG_WPS
|
#ifdef CONFIG_WPS
|
||||||
wpas_wps_cancel(wpa_s);
|
wpas_wps_cancel(wpa_s);
|
||||||
#endif /* CONFIG_WPS */
|
#endif /* CONFIG_WPS */
|
||||||
return;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
@ -850,7 +850,7 @@ void wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
|
||||||
0))) {
|
0))) {
|
||||||
if (wpa_supplicant_scard_init(wpa_s, ssid)) {
|
if (wpa_supplicant_scard_init(wpa_s, ssid)) {
|
||||||
wpa_supplicant_req_new_scan(wpa_s, 10, 0);
|
wpa_supplicant_req_new_scan(wpa_s, 10, 0);
|
||||||
return;
|
return 0;
|
||||||
}
|
}
|
||||||
wpa_msg(wpa_s, MSG_DEBUG, "Request association: "
|
wpa_msg(wpa_s, MSG_DEBUG, "Request association: "
|
||||||
"reassociate: %d selected: "MACSTR " bssid: " MACSTR
|
"reassociate: %d selected: "MACSTR " bssid: " MACSTR
|
||||||
|
|
@ -863,6 +863,8 @@ void wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
|
||||||
wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with the "
|
wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with the "
|
||||||
"selected AP");
|
"selected AP");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -1088,7 +1090,11 @@ static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s,
|
||||||
wpa_scan_results_free(scan_res);
|
wpa_scan_results_free(scan_res);
|
||||||
if (skip)
|
if (skip)
|
||||||
return 0;
|
return 0;
|
||||||
wpa_supplicant_connect(wpa_s, selected, ssid);
|
|
||||||
|
if (wpa_supplicant_connect(wpa_s, selected, ssid) < 0) {
|
||||||
|
wpa_dbg(wpa_s, MSG_DEBUG, "Connect failed");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
wpa_supplicant_rsn_preauth_scan_results(wpa_s);
|
wpa_supplicant_rsn_preauth_scan_results(wpa_s);
|
||||||
} else {
|
} else {
|
||||||
wpa_scan_results_free(scan_res);
|
wpa_scan_results_free(scan_res);
|
||||||
|
|
|
||||||
|
|
@ -581,9 +581,9 @@ int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s);
|
||||||
|
|
||||||
/* events.c */
|
/* events.c */
|
||||||
void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s);
|
void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s);
|
||||||
void wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
|
int wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
|
||||||
struct wpa_bss *selected,
|
struct wpa_bss *selected,
|
||||||
struct wpa_ssid *ssid);
|
struct wpa_ssid *ssid);
|
||||||
|
|
||||||
/* eap_register.c */
|
/* eap_register.c */
|
||||||
int eap_register_methods(void);
|
int eap_register_methods(void);
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue