From 25a8f9e316013ee65aafe1d2c8ea276f5e77da42 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 25 Aug 2013 19:46:57 +0300
Subject: [PATCH] Clear EAPOL supplicant configuration info on current_ssid changes

There were some code paths that allowed obsolete configuration data pointer to be maintained within EAPOL supplicant in case a network was removed while not connection to it (i.e., wpa_s->current_ssid not pointing to the network that was removed). This could result in use of freed memory, e.g., from eap_sm_notify_ctrl_attached() when a new control interface connected prior to the EAPOL supplicant configuration pointer got updated.
Signed-hostap: Jouni Malinen
---
wpa_supplicant/ap.c | 3 +++
wpa_supplicant/events.c | 1 +
wpa_supplicant/wpa_supplicant.c | 4 +++-
3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index 4de20dd03..2950d2d1a 100644
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -14,6 +14,7 @@
 #include "utils/uuid.h"
 #include "common/ieee802_11_defs.h"
 #include "common/wpa_ctrl.h"
+#include "eapol_supp/eapol_supp_sm.h"
 #include "ap/hostapd.h"
 #include "ap/ap_config.h"
 #include "ap/ap_drv_ops.h"
@@ -582,6 +583,7 @@ int wpa_supplicant_create_ap(struct wpa_supplicant *wpa_s,
 hapd_iface->bss[0]->drv_priv = wpa_s->drv_priv;
 wpa_s->current_ssid = ssid;
+ eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
 os_memcpy(wpa_s->bssid, wpa_s->own_addr, ETH_ALEN);
 wpa_s->assoc_freq = ssid->frequency;
@@ -605,6 +607,7 @@ void wpa_supplicant_ap_deinit(struct wpa_supplicant *wpa_s)
 return;
 wpa_s->current_ssid = NULL;
+ eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
 wpa_s->assoc_freq = 0;
 #ifdef CONFIG_P2P
 if (wpa_s->ap_iface->bss)
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 3ecb0ceb9..40c6adf97 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
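Review bot: The pairing of `wpa_s->current_ssid = ssid;` with `eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);` added in wpa_supplicant_create_ap() (ap.c) is an invariant that is now maintained by hand at each call site; the same two statements recur in wpa_supplicant_ap_deinit(), wpa_supplicant_mark_disassoc() and wpa_supplicant_select_network(). Per the commit message a stale configuration pointer in the EAPOL supplicant leads to use of freed memory, so any write to current_ssid that omits the call, in code not shown here or in a later change, would presumably bring the same lifetime bug back. A small shared helper that performs both statements and is used for every write to current_ssid would make the rule hard to miss, and it is the natural place for a comment such as `/* EAPOL SM must not keep a config pointer across a current_ssid change */`. All four functions start and end outside their hunks, so whether other writers of current_ssid exist cannot be judged from this diff.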
@@ -187,6 +187,7 @@ void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s)
 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
 wpa_s->ap_ies_from_associnfo = 0;
 wpa_s->current_ssid = NULL;
+ eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
 wpa_s->key_mgmt = 0;
 }
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index a18922a28..7bfbc0e8b 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1912,8 +1912,10 @@ void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
 return;
 }
- if (ssid)
+ if (ssid) {
 wpa_s->current_ssid = ssid;
+ eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
+ }
 wpa_s->connect_without_scan = NULL;
 wpa_s->disconnected = 0;
 wpa_s->reassociate = 1;
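Review bot: In wpa_supplicant_select_network() the new call passes NULL for the configuration immediately after `ssid` has been made the current network, which reads as a mistake without an explanation, since `ssid` is the network about to be used. A one-line comment above the call would record the intent given in the commit message, e.g. `/* current_ssid changed: drop the EAPOL supplicant's pointer to the old network configuration */`. The call sits inside the `if (ssid)` block, so when `ssid` is NULL neither current_ssid nor the EAPOL configuration is touched at this point; that looks intentional but is worth stating in the same comment. The function starts before and continues after the hunk.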