From 831770bffe7536b1c63608c2bef0ea223edb605d Mon Sep 17 00:00:00 2001 From: Chengyi Zhao Date: Sat, 20 Jul 2013 17:47:02 +0300 Subject: [PATCH] Cancel delayed scheduled scan when wpa_supplicant cleans up Because a delayed scheduled scan will access the members of struct wpa_supplicant which is freed and this can result in a crash, wpa_supplicant needs to cancel delayed scheduled scan during cleanups. Signed-hostap: Chengyi Zhao --- wpa_supplicant/scan.c | 17 +++++++++++++++++ wpa_supplicant/scan.h | 1 + wpa_supplicant/wpa_supplicant.c | 1 + 3 files changed, 19 insertions(+) diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c index bdd6815e3..75548e2c5 100644 --- a/wpa_supplicant/scan.c +++ b/wpa_supplicant/scan.c @@ -1229,6 +1229,23 @@ void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s) } +/** + * wpa_supplicant_cancel_delayed_sched_scan - Stop a delayed scheduled scan + * @wpa_s: Pointer to wpa_supplicant data + * + * This function is used to stop a delayed scheduled scan. + */ +void wpa_supplicant_cancel_delayed_sched_scan(struct wpa_supplicant *wpa_s) +{ + if (!wpa_s->sched_scan_supported) + return; + + wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling delayed sched scan"); + eloop_cancel_timeout(wpa_supplicant_delayed_sched_scan_timeout, + wpa_s, NULL); +} + + /** * wpa_supplicant_cancel_sched_scan - Stop running scheduled scans * @wpa_s: Pointer to wpa_supplicant data diff --git a/wpa_supplicant/scan.h b/wpa_supplicant/scan.h index e892479f6..2144787b5 100644 --- a/wpa_supplicant/scan.h +++ b/wpa_supplicant/scan.h @@ -15,6 +15,7 @@ int wpa_supplicant_delayed_sched_scan(struct wpa_supplicant *wpa_s, int sec, int usec); int wpa_supplicant_req_sched_scan(struct wpa_supplicant *wpa_s); void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s); +void wpa_supplicant_cancel_delayed_sched_scan(struct wpa_supplicant *wpa_s); void wpa_supplicant_cancel_sched_scan(struct wpa_supplicant *wpa_s); void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s, int scanning); diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index 5773013eb..59840606d 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -421,6 +421,7 @@ static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s) wpa_bss_deinit(wpa_s); + wpa_supplicant_cancel_delayed_sched_scan(wpa_s); wpa_supplicant_cancel_scan(wpa_s); wpa_supplicant_cancel_auth_timeout(wpa_s); eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);