[PATCH 8/8] mka: fix use after free

Tue Jul 19 02:56:58 PDT 2016

We must cancel the timer when we delete an MKA instance.

Signed-off-by: Sabrina Dubroca <sd at queasysnail.net>
---
 src/pae/ieee802_1x_kay.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 3e349ad84169..98f3405bd857 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -3434,6 +3434,8 @@ ieee802_1x_kay_delete_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn)
 		return;
 	}
 
+	eloop_cancel_timeout(ieee802_1x_participant_timer,
+			       participant, NULL);
 	dl_list_del(&participant->list);
 
 	/* remove live peer */
-- 
2.9.0


