[PATCH] wpa_supplicant: Fix access to the freed memory when removing all networks
Jaewan Kim
jaewan
Mon Jan 28 20:37:34 PST 2013
Previous CL 'Fix REMOVE_NETWORK to not run operations with invalid
current_ssid' fixed this issue for 'removing a network', and we also need to
take care of 'removing all networks'.
Signed-hostap: Jaewan Kim <jaewan at google.com>
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index ecafc6c..33deacc 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -2108,14 +2108,6 @@ static int wpa_supplicant_ctrl_iface_remove_network(
/* cmd: "<network id>" or "all" */
if (os_strcmp(cmd, "all") == 0) {
wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_NETWORK all");
- ssid = wpa_s->conf->ssid;
- while (ssid) {
- struct wpa_ssid *remove_ssid = ssid;
- id = ssid->id;
- ssid = ssid->next;
- wpas_notify_network_removed(wpa_s, remove_ssid);
- wpa_config_remove_network(wpa_s->conf, id);
- }
eapol_sm_invalidate_cached_session(wpa_s->eapol);
if (wpa_s->current_ssid) {
#ifdef CONFIG_SME
@@ -2126,6 +2118,14 @@ static int wpa_supplicant_ctrl_iface_remove_network(
wpa_supplicant_deauthenticate(
wpa_s, WLAN_REASON_DEAUTH_LEAVING);
}
+ ssid = wpa_s->conf->ssid;
+ while (ssid) {
+ struct wpa_ssid *remove_ssid = ssid;
+ id = ssid->id;
+ ssid = ssid->next;
+ wpas_notify_network_removed(wpa_s, remove_ssid);
+ wpa_config_remove_network(wpa_s->conf, id);
+ }
return 0;
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20130129/3a0167d3/attachment.htm
More information about the Hostap
mailing list