[PATCH] nl80211: use the process_bss_event for the nl_connect handler

Jouni Malinen j at w1.fi
Sat Feb 6 04:35:37 EST 2021

On Thu, Jan 21, 2021 at 05:40:34PM +0200, Andrei Otcheretianski wrote:
> Fix it by using the process_bss_event() handler when the nl_connect
> handler is used.

In general, that sounds fine, but there is one detail that is missed
here in the implementation:

> +send_and_recv_msgs_connect_handle(struct wpa_driver_nl80211_data *drv,
> +				  struct nl_msg *msg, struct i802_bss *bss)
> +{
> +	struct nl_sock *nl_connect = get_connect_handle(bss);
> +
> +	if (nl_connect)
> +		return send_and_recv_msgs_owner(drv, msg, nl_connect, 1,
> +						process_bss_event, bss, NULL,
> +						NULL);
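Review bot: send_and_recv_msgs_connect_handle() hardwires valid_handler/valid_data to process_bss_event/bss and the remaining two arguments to NULL, so a caller that relied on the valid_handler = NULL, valid_data = (void *) -1 pair cannot get the payload cleared through this helper; consider taking valid_handler and valid_data (or an explicit clear flag) as parameters and passing them through to send_and_recv_msgs_owner(). The quoted excerpt also stops at the `if (nl_connect)` branch, so the path for a bss without a connect handle is not visible here; it should end up with the same clearing behaviour as the nl_connect path so the two do not diverge.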

> @@ -6196,8 +6199,7 @@ skip_auth_type:
> -	ret = send_and_recv_msgs_owner(drv, msg, nl_connect, 1, NULL,
> -				       (void *) -1, NULL, NULL);
> +	ret = send_and_recv_msgs_connect_handle(drv, msg, bss);
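Review bot: this call site drops the `NULL, (void *) -1` valid_handler/valid_data pair that the removed lines passed; with the helper the message reaches the end of send_and_recv() with valid_data set to bss, so the conditional nl80211_nlmsg_clear() is skipped and the connect request's key material stays in freed heap memory. Either keep the explicit `send_and_recv_msgs_owner(drv, msg, nl_connect, 1, NULL, (void *) -1, NULL, NULL)` call here when nl_connect is set, or extend the helper so this caller can still request the clear.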

This would lose that special valid_handler = NULL, valid_data = (void *)
-1 combination that is needed at the end of send_and_recv() to be able
to use nl80211_nlmsg_clear(msg) to get any private material like keys
explicitly cleared from freed heap memory. See commit bbd89bfca0b4i
("nl80211: Clear nlmsg payload with keys before freeing") for more

That special case needs to be covered here. Since it may be inconvenient
to cover this without adding new arguments to all send_and_recv
functions, it may be worth considering whether that conditional
nl80211_nlmsg_clear() call at the end of send_and_recv() should simply
be made unconditional. It would burn some more resources clearing
memory unnecessarily for most messages, but that's unlikely to be much
of an issue in practice.

Jouni Malinen                                            PGP id EFC895FA
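To make the trade-off discussed above concrete, the following is an added C model written for this page; it is not hostap's send_and_recv(), nl80211_nlmsg_clear() or libnl code. It models the two designs side by side: the existing gate that scrubs the message payload only when the caller passed valid_handler = NULL and valid_data = (void *) -1, and the proposed unconditional scrub. The names nlmsg_model, send_and_recv_model(), process_bss_event_model() and psk_scrubbed_after() are assumptions made for the example, and the PSK bytes are constructed test data. psk_scrubbed_after() exercises the old call pattern (sentinel) and the wrapper's call pattern (a real handler plus a bss pointer) against both gates and reports whether the key material was gone before the buffer was freed.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a netlink message: only the heap payload matters here. */
struct nlmsg_model {
	size_t len;
	unsigned char *payload;
};

/* Clear through a volatile function pointer so the compiler cannot drop the memset. */
static void *(*const volatile secure_memset)(void *, int, size_t) = memset;

static void nlmsg_model_clear(struct nlmsg_model *msg)
{
	secure_memset(msg->payload, 0, msg->len);
}

/* Stand-in for the reply loop: hand the reply to the caller's handler, if any. */
static int deliver_reply(int (*valid_handler)(void *), void *valid_data)
{
	return valid_handler ? valid_handler(valid_data) : 0;
}

/*
 * Model of the tail of send_and_recv() as described in the thread: the payload
 * is scrubbed only when the caller passed valid_handler == NULL and
 * valid_data == (void *) -1. unconditional != 0 selects the proposed variant
 * that scrubs every message regardless of the arguments.
 */
int send_and_recv_model(struct nlmsg_model *msg, int (*valid_handler)(void *),
			void *valid_data, int unconditional)
{
	int ret = deliver_reply(valid_handler, valid_data);

	if (unconditional || (!valid_handler && valid_data == (void *) -1))
		nlmsg_model_clear(msg);
	return ret;
}

/* Handler a connect-handle wrapper would pass instead of the sentinel (assumed name). */
int process_bss_event_model(void *data)
{
	(void) data;
	return 0;
}

/* 1 if every payload byte is zero, 0 if key material survived. */
int nlmsg_model_payload_is_zero(const struct nlmsg_model *msg)
{
	size_t i;

	for (i = 0; i < msg->len; i++)
		if (msg->payload[i])
			return 0;
	return 1;
}

/*
 * Run one call pattern on a fresh message carrying a constructed PSK and report
 * whether the PSK was gone before the buffer was freed:
 *   use_wrapper_args = 0: NULL handler and (void *) -1, as the old call site did
 *   use_wrapper_args = 1: process_bss_event_model and a bss pointer, as the helper does
 * Returns 1 (scrubbed), 0 (left in heap) or -1 on allocation failure.
 */
int psk_scrubbed_after(int unconditional, int use_wrapper_args)
{
	static const unsigned char psk[] = "constructed-psk-0123456789abcdef";
	int dummy_bss = 0;
	struct nlmsg_model msg;
	int scrubbed;

	msg.len = sizeof(psk);
	msg.payload = malloc(msg.len);
	if (!msg.payload)
		return -1;
	memcpy(msg.payload, psk, msg.len);

	if (use_wrapper_args)
		send_and_recv_model(&msg, process_bss_event_model, &dummy_bss,
				    unconditional);
	else
		send_and_recv_model(&msg, NULL, (void *) -1, unconditional);

	scrubbed = nlmsg_model_payload_is_zero(&msg);
	free(msg.payload);	/* the point: freed memory must not still hold the PSK */
	return scrubbed;
}
```

With the conditional gate, only the sentinel call pattern scrubs the payload; routing the same message through a wrapper that supplies a real handler and a bss pointer leaves the PSK in the buffer that is then freed. With the unconditional variant both call patterns scrub, at the cost of one extra memset per message, which is the resource trade-off the reply weighs.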

More information about the Hostap mailing list