DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

PASN: Fix passing own address and peer address to pasn_deauthenticate()

Browse source 
Need to copy own address and peer address locally and pass them to
pasn_deauthenticate(), because this pointer data will be flushed from
the PTKSA cache before sending the Deauthentication frame and these
pointers to then-freed memory would be dereferenced.

Fixes: 24929543 ("PASN: Deauthenticate on PTKSA cache entry expiration")
Signed-off-by: Vinay Gannevaram <quic_vganneva@quicinc.com>
This commit is contained in:
Vinay Gannevaram 2022-11-12 00:15:36 +05:30 committed by Jouni Malinen
parent a9062432e2
commit 86ab282170
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
wpa_supplicant/pasn_supplicant.c
View file

@ -781,8 +781,14 @@ static int wpas_pasn_immediate_retry(struct wpa_supplicant *wpa_s,
static void wpas_pasn_deauth_cb(struct ptksa_cache_entry *entry)
{
struct wpa_supplicant *wpa_s = entry->ctx;
u8 own_addr[ETH_ALEN];
u8 peer_addr[ETH_ALEN];
wpas_pasn_deauthenticate(wpa_s, entry->own_addr, entry->addr);
/* Use a copy of the addresses from the entry to avoid issues with the
* entry getting freed during deauthentication processing. */
os_memcpy(own_addr, entry->own_addr, ETH_ALEN);
os_memcpy(peer_addr, entry->addr, ETH_ALEN);
wpas_pasn_deauthenticate(wpa_s, own_addr, peer_addr);
}