Fix wpa_cli disconnect/reassociate race

[Daniel Drake]

It's possible to trigger a race with the following steps:

 1. start wpa_supplicant and wait for it to complete association
 2. run "wpa_cli disconnect" and wait for it to disconnect
 3. run "wpa_cli reassociate; wpa_cli disconnect"

At this point, wpa_cli will complete reassociation, effectively ignoring the
final disconnect command.

The reason behind this is that the reassociate command has already triggered
a scan before the disconnect command is processed. The disconnect command
puts the interface into disconnected state, but then the scan results come in
wpa_supplicant processes the results regardless, and decides to associate to
one of the networks.
---
 wpa_supplicant/ctrl_iface.c |    1 +
 wpa_supplicant/events.c     |    2 +-
 2 files changed, 2 insertions(+), 1 deletions(-)

I have also backported this to 0.5.x but I'll await review of this patch before
sending it on.

diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index ae17511..a1e63bc 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -1263,6 +1263,7 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
 		reply_len = wpa_supplicant_ctrl_iface_list_networks(
 			wpa_s, reply, reply_size);
 	} else if (os_strcmp(buf, "DISCONNECT") == 0) {
+		wpa_s->reassociate = 0;
 		wpa_s->disconnected = 1;
 		wpa_supplicant_disassociate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
 	} else if (os_strcmp(buf, "SCAN") == 0) {
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index f9592e0..e98eec7 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -520,7 +520,7 @@ static void wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s)
 
 	wpa_supplicant_dbus_notify_scan_results(wpa_s);
 
-	if (wpa_s->conf->ap_scan == 2)
+	if (wpa_s->conf->ap_scan == 2 || wpa_s->disconnected)
 		return;
 	results = wpa_s->scan_results;
 	num = wpa_s->num_scan_results;
-- 
1.5.2.2