From ab28911dbf77fa050459fb30d28037f54c04bde6 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Thu, 10 May 2012 10:49:22 +0300
Subject: [PATCH] P2P: Deinitialize global P2P context on P2P mgmt interface removal
The P2P implementation assumes that the first wpa_s interface instance is used to manage P2P operations and the P2P module maintains a pointer to this interface in msg_ctx. This can result in issues (e.g., use of freed memory) when the management interface is removed. Fix this by deinitializing global P2P data if the interface that created it is removed. This will disable P2P until the next interface is added.
Signed-hostap: Jouni Malinen
intended-for: hostap-1
---
 wpa_supplicant/p2p_supplicant.c | 2 ++
 wpa_supplicant/wpa_supplicant.c | 8 ++++++++
 wpa_supplicant/wpa_supplicant_i.h | 1 +
 3 files changed, 11 insertions(+)
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
index c25c03ec0..c9d075f40 100644
--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
@@ -2482,6 +2482,7 @@ int wpas_p2p_init(struct wpa_global *global, struct wpa_supplicant *wpa_s)
 global->p2p = p2p_init(&p2p);
 if (global->p2p == NULL)
 return -1;
+ global->p2p_init_wpa_s = wpa_s;
 for (i = 0; i < MAX_WPS_VENDOR_EXT; i++) {
 if (wpa_s->conf->wps_vendor_ext[i] == NULL)
@@ -2570,6 +2571,7 @@ void wpas_p2p_deinit_global(struct wpa_global *global)
 p2p_deinit(global->p2p);
 global->p2p = NULL;
+ global->p2p_init_wpa_s = NULL;
 }
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 0996c3820..6e881cf02 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -2702,6 +2702,14 @@ static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
 wpa_supplicant_cleanup(wpa_s);
+#ifdef CONFIG_P2P
+ if (wpa_s == wpa_s->global->p2p_init_wpa_s && wpa_s->global->p2p) {
+ wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Disable P2P since removing "
+ "the management interface is being removed");
+ wpas_p2p_deinit_global(wpa_s->global);
+ }
+#endif /* CONFIG_P2P */
+
 if (wpa_s->drv_priv)
 wpa_drv_deinit(wpa_s);
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 248c54118..f36d117eb 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -225,6 +225,7 @@ struct wpa_global {
 size_t drv_count;
 struct os_time suspend_time;
 struct p2p_data *p2p;
+ struct wpa_supplicant *p2p_init_wpa_s;
 struct wpa_supplicant *p2p_group_formation;
 u8 p2p_dev_addr[ETH_ALEN];
 struct dl_list p2p_srv_bonjour; /* struct p2p_srv_bonjour */
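Review bot: The debug string in the added CONFIG_P2P block of wpa_supplicant_deinit_iface() reads "Disable P2P since removing the management interface is being removed"; the leftover "removing" should be dropped, e.g. `"P2P: Disable P2P since the management "` followed by `"interface is being removed"`. Separately, once this block has run, every interface that remains sees `global->p2p == NULL` and `global->p2p_init_wpa_s == NULL`, so P2P entry points reachable from those interfaces have to tolerate a NULL `global->p2p`; that is not visible in this patch and is worth auditing alongside it. A short comment above the `if`, such as `/* global->p2p holds this interface as its msg_ctx; tear it down before wpa_s goes away */`, would record why the teardown lives here. The function body starts and ends outside the hunk.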
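Review bot: The new `p2p_init_wpa_s` member of struct wpa_global carries no comment, and its meaning can only be recovered from the other two files in the patch: it is set in wpas_p2p_init(), cleared in wpas_p2p_deinit_global(), and compared by identity in wpa_supplicant_deinit_iface(). Since a stale value here would reintroduce the dangling-pointer problem the commit describes, document it as a non-owning back-reference, e.g. `struct wpa_supplicant *p2p_init_wpa_s; /* interface that created p2p; not owned, cleared together with p2p */`. The struct definition continues outside the hunk.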