From 4f9a5ea5ccac9ee4f7664e5368a8148e23f04051 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 30 Nov 2014 15:48:37 +0200
Subject: [PATCH] WPS: Fix current_ssid clearing on duplicate network removal

It was possible for the current network profile to be deleted when merging duplicated WPS credentials. However, this did not clear wpa_s->current_ssid and it was possible for something else to end up dereferencing that pointer to now freed memory. This could be hit, e.g., with ap_wps_mixed_cred. Fix this by clearing current_ssid also in this code path similarly to other cases of network block getting removed.

Signed-off-by: Jouni Malinen
---
 wpa_supplicant/wps_supplicant.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c
index 40f235f73..d934b1adf 100644
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
@@ -339,6 +339,8 @@ static void wpas_wps_remove_dup_network(struct wpa_supplicant *wpa_s,
 /* Remove the duplicated older network entry. */
 wpa_printf(MSG_DEBUG, "Remove duplicate network %d", ssid->id);
 wpas_notify_network_removed(wpa_s, ssid);
+ if (wpa_s->current_ssid == ssid)
+ wpa_s->current_ssid = NULL;
 wpa_config_remove_network(wpa_s->conf, ssid->id);
 }
 }
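Review bot: The added check resets only `wpa_s->current_ssid` before `wpa_config_remove_network()` releases the entry, so any other pointer to the same `ssid` held while the removed profile is the active one would still dangle. The hunk does not show whether such references exist, so it is worth comparing this path with the other network-removal paths the commit message refers to and confirming they tear down the same state. The two new lines also need a why-comment so the ordering is not rearranged later, for example `/* ssid is freed by wpa_config_remove_network() below; drop the current-network reference first */`. The return value of `wpa_config_remove_network()` is ignored on the following context line, so a failed removal would leave `current_ssid` cleared while the entry stays configured. The body of `wpas_wps_remove_dup_network()` starts outside this hunk, so the loop that selects `ssid` could not be reviewed here.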