WPS ER: Fix AP entry freeing on timeout

Must unlink the entry first before trying to remove it to avoid
leaving behind pointers to freed memory.
This commit is contained in:
Jouni Malinen 2009-11-21 12:12:49 +02:00
parent b3f371cabf
commit 7c04d5ec6c

View file

@ -268,11 +268,30 @@ static void wps_er_ap_free(struct wps_er *er, struct wps_er_ap *ap)
} }
static void wps_er_ap_unlink(struct wps_er *er, struct wps_er_ap *ap)
{
struct wps_er_ap *prev, *tmp;
tmp = er->ap;
prev = NULL;
while (tmp) {
if (tmp == ap) {
if (prev)
prev->next = ap->next;
else
er->ap = ap->next;
}
prev = tmp;
tmp = tmp->next;
}
}
static void wps_er_ap_timeout(void *eloop_data, void *user_ctx) static void wps_er_ap_timeout(void *eloop_data, void *user_ctx)
{ {
struct wps_er *er = eloop_data; struct wps_er *er = eloop_data;
struct wps_er_ap *ap = user_ctx; struct wps_er_ap *ap = user_ctx;
wpa_printf(MSG_DEBUG, "WPS ER: AP advertisement timed out"); wpa_printf(MSG_DEBUG, "WPS ER: AP advertisement timed out");
wps_er_ap_unlink(er, ap);
wps_er_ap_free(er, ap); wps_er_ap_free(er, ap);
} }