wpa_supplicant: Fix crash when terminating all interfaces

In wpa_supplicant_terminate_proc(), while iterating and
terminating interfaces, after an interface is terminated,
we can no longer access its memory as it is no longer valid
and causes a crash.

Fix this by saving the pointer to the next interface before freeing
the current one to avoid accessing an invalid memory location.

Signed-hostap: Moshe Benji <moshe.benji@intel.com>
This commit is contained in:
Moshe Benji 2013-12-15 10:50:07 +02:00 committed by Jouni Malinen
parent 76aab0305c
commit ab41595f35

View file

@ -725,6 +725,7 @@ void wpa_supplicant_terminate_proc(struct wpa_global *global)
#ifdef CONFIG_WPS #ifdef CONFIG_WPS
struct wpa_supplicant *wpa_s = global->ifaces; struct wpa_supplicant *wpa_s = global->ifaces;
while (wpa_s) { while (wpa_s) {
struct wpa_supplicant *next = wpa_s->next;
#ifdef CONFIG_P2P #ifdef CONFIG_P2P
if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE || if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
(wpa_s->current_ssid && wpa_s->current_ssid->p2p_group)) (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
@ -732,7 +733,7 @@ void wpa_supplicant_terminate_proc(struct wpa_global *global)
#endif /* CONFIG_P2P */ #endif /* CONFIG_P2P */
if (wpas_wps_terminate_pending(wpa_s) == 1) if (wpas_wps_terminate_pending(wpa_s) == 1)
pending = 1; pending = 1;
wpa_s = wpa_s->next; wpa_s = next;
} }
#endif /* CONFIG_WPS */ #endif /* CONFIG_WPS */
if (pending) if (pending)