wpa_supplicant: Fix crash when terminating all interfaces
In wpa_supplicant_terminate_proc(), while iterating and terminating interfaces, after an interface is terminated, we can no longer access its memory as it is no longer valid and causes a crash. Fix this by saving the pointer to the next interface before freeing the current one to avoid accessing an invalid memory location. Signed-hostap: Moshe Benji <moshe.benji@intel.com>
This commit is contained in:
parent
76aab0305c
commit
ab41595f35
1 changed files with 2 additions and 1 deletions
|
@ -725,6 +725,7 @@ void wpa_supplicant_terminate_proc(struct wpa_global *global)
|
||||||
#ifdef CONFIG_WPS
|
#ifdef CONFIG_WPS
|
||||||
struct wpa_supplicant *wpa_s = global->ifaces;
|
struct wpa_supplicant *wpa_s = global->ifaces;
|
||||||
while (wpa_s) {
|
while (wpa_s) {
|
||||||
|
struct wpa_supplicant *next = wpa_s->next;
|
||||||
#ifdef CONFIG_P2P
|
#ifdef CONFIG_P2P
|
||||||
if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
|
if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
|
||||||
(wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
|
(wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
|
||||||
|
@ -732,7 +733,7 @@ void wpa_supplicant_terminate_proc(struct wpa_global *global)
|
||||||
#endif /* CONFIG_P2P */
|
#endif /* CONFIG_P2P */
|
||||||
if (wpas_wps_terminate_pending(wpa_s) == 1)
|
if (wpas_wps_terminate_pending(wpa_s) == 1)
|
||||||
pending = 1;
|
pending = 1;
|
||||||
wpa_s = wpa_s->next;
|
wpa_s = next;
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_WPS */
|
#endif /* CONFIG_WPS */
|
||||||
if (pending)
|
if (pending)
|
||||||
|
|
Loading…
Reference in a new issue