From 4d6c3de3df71c4ac363a2f49cf730908f6b532f4 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 27 Feb 2008 17:53:22 -0800 Subject: [PATCH] driver_ralink: Make sure assoc_{req,resp}_ies do not get double-freed --- src/drivers/driver_ralink.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/src/drivers/driver_ralink.c b/src/drivers/driver_ralink.c index 27cae0bc6..6d99b3f11 100644 --- a/src/drivers/driver_ralink.c +++ b/src/drivers/driver_ralink.c @@ -640,7 +640,7 @@ wpa_driver_ralink_event_wireless(struct wpa_driver_ralink_data *drv, "receive ASSOCINFO_EVENT !!!"); assoc_info_buf = - os_malloc(drv->assoc_req_ies_len + + os_zalloc(drv->assoc_req_ies_len + drv->assoc_resp_ies_len + 1); if (assoc_info_buf == NULL) { @@ -652,18 +652,26 @@ wpa_driver_ralink_event_wireless(struct wpa_driver_ralink_data *drv, return; } - os_memcpy(assoc_info_buf, drv->assoc_req_ies, - drv->assoc_req_ies_len); + if (drv->assoc_req_ies) { + os_memcpy(assoc_info_buf, + drv->assoc_req_ies, + drv->assoc_req_ies_len); + } info_pos = assoc_info_buf + drv->assoc_req_ies_len; - os_memcpy(info_pos, drv->assoc_resp_ies, - drv->assoc_resp_ies_len); + if (drv->assoc_resp_ies) { + os_memcpy(info_pos, + drv->assoc_resp_ies, + drv->assoc_resp_ies_len); + } assoc_info_buf[drv->assoc_req_ies_len + drv->assoc_resp_ies_len] = '\0'; wpa_driver_ralink_event_wireless_custom( drv, ctx, assoc_info_buf); os_free(drv->assoc_req_ies); + drv->assoc_req_ies = NULL; os_free(drv->assoc_resp_ies); + drv->assoc_resp_ies = NULL; os_free(assoc_info_buf); } else if (iwe->u.data.flags == RT_DISASSOC_EVENT_FLAG) {