[PATCH] Patch to fix supplicant crash seen in P2P WPS overlap case.
JJ
mails4jj
Mon Oct 24 01:00:42 PDT 2011
Patch to fix supplicant crash seen in P2P WPS overlap case. Once overlap
is detected, the wpa_s corresponding to P2P Group formation is freed.
This patch avoids accessing the wpa_s data structure after it is freed.
Kinldy see whether the patch is okay.
---
wpa_supplicant/events.c | 16 +++++++++++-----
wpa_supplicant/wpa_supplicant_i.h | 2 +-
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 4ec935e..f42a6e6 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -706,7 +706,7 @@ static void wpa_supplicant_req_new_scan(struct
wpa_supplicant *wpa_s,
}
-void wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
+int wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
struct wpa_bss *selected,
struct wpa_ssid *ssid)
{
@@ -715,13 +715,13 @@ void wpa_supplicant_connect(struct wpa_supplicant
*wpa_s,
"PBC session overlap");
#ifdef CONFIG_P2P
if (wpas_p2p_notif_pbc_overlap(wpa_s) == 1)
- return;
+ return -1;
#endif /* CONFIG_P2P */
#ifdef CONFIG_WPS
wpas_wps_cancel(wpa_s);
#endif /* CONFIG_WPS */
- return;
+ return -1;
}
/*
@@ -737,7 +737,7 @@ void wpa_supplicant_connect(struct wpa_supplicant
*wpa_s,
0))) {
if (wpa_supplicant_scard_init(wpa_s, ssid)) {
wpa_supplicant_req_new_scan(wpa_s, 10, 0);
- return;
+ return 0;
}
wpa_msg(wpa_s, MSG_DEBUG, "Request association: "
"reassociate: %d selected: "MACSTR " bssid: "
MACSTR
@@ -750,6 +750,8 @@ void wpa_supplicant_connect(struct wpa_supplicant
*wpa_s,
wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with the "
"selected AP");
}
+
+ return 0;
}
@@ -975,7 +977,11 @@ static int _wpa_supplicant_event_scan_results(struct
wpa_supplicant *wpa_s,
wpa_scan_results_free(scan_res);
if (skip)
return 0;
- wpa_supplicant_connect(wpa_s, selected, ssid);
+
+ if(wpa_supplicant_connect(wpa_s, selected, ssid) < 0) {
+ wpa_dbg(wpa_s, MSG_DEBUG, "Connect Failed");
+ return -1;
+ }
wpa_supplicant_rsn_preauth_scan_results(wpa_s);
} else {
wpa_scan_results_free(scan_res);
diff --git a/wpa_supplicant/wpa_supplicant_i.h
b/wpa_supplicant/wpa_supplicant_i.h
index 54f5cc4..afcfda9 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -671,7 +671,7 @@ int wpas_driver_bss_selection(struct wpa_supplicant
*wpa_s);
/* events.c */
void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s);
-void wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
+int wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
struct wpa_bss *selected,
struct wpa_ssid *ssid);
--
1.7.4.1
- *Jithu Jance.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20111024/7ce3c350/attachment.htm
More information about the Hostap
mailing list