DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

DPP2: Do not try to remove Controller TCP connection twice on error

Browse source 
These code paths on the Controller were calling dpp_connection_remove()
twice for the same connection in the error cases. That would result in
double-freeing of the memory, so fix this by remove the
dpp_connection_remove() call from the called function and instead,
remove the connection in dpp_controller_rx() error handling.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2021-10-19 00:23:09 +03:00 committed by Jouni Malinen
parent a47d484919
commit 2e122945fa
1 changed files with 1 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/common/dpp_tcp.c
View file

@ -671,10 +671,8 @@ static int dpp_controller_rx_auth_req(struct dpp_connection *conn,
}
if (dpp_set_configurator(conn->auth,
conn->ctrl->configurator_params) < 0) {
dpp_connection_remove(conn);
conn->ctrl->configurator_params) < 0)
return -1;
}
return dpp_tcp_send_msg(conn, conn->auth->resp_msg);
}
@ -700,7 +698,6 @@ static int dpp_controller_rx_auth_resp(struct dpp_connection *conn,
return 0;
}
wpa_printf(MSG_DEBUG, "DPP: No confirm generated");
dpp_connection_remove(conn);
return -1;
}
@ -862,7 +859,6 @@ static int dpp_controller_rx_presence_announcement(struct dpp_connection *conn,
return -1;
if (dpp_set_configurator(auth, conn->ctrl->configurator_params) < 0) {
dpp_auth_deinit(auth);
dpp_connection_remove(conn);
return -1;
}