jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

atheros: Fix hapd_deinit() handler with generic IEs set

Browse source 
atheros_set_opt_ie() needs to be called before freeing drv->wpa_ie to
avoid hitting double-free on the deinit path. Similarly,
drv->wps_beacon_ie and drv->wps_probe_resp_ie could have been used after
being freed. Fix these be moving the atheros_set_opt_ie() call in
atheros_deinit().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Ashok Kumar Ponnaiah 2015-10-14 16:01:30 +03:00 committed by Jouni Malinen
parent 712525b01e
commit d6afe03660
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/drivers/driver_atheros.c
View file

@ -1704,10 +1704,10 @@ atheros_deinit(void *priv)
atheros_reset_appfilter(drv);
if (drv->wpa_ie || drv->wps_beacon_ie || drv->wps_probe_resp_ie) {
atheros_set_opt_ie(priv, NULL, 0);
wpabuf_free(drv->wpa_ie);
wpabuf_free(drv->wps_beacon_ie);
wpabuf_free(drv->wps_probe_resp_ie);
atheros_set_opt_ie(priv, NULL, 0);
}
netlink_deinit(drv->netlink);
(void) linux_set_iface_flags(drv->ioctl_sock, drv->iface, 0);