From 86ab282170a110b1080aca0d019be7629052e8c2 Mon Sep 17 00:00:00 2001
From: Vinay Gannevaram
Date: Sat, 12 Nov 2022 00:15:36 +0530
Subject: [PATCH] PASN: Fix passing own address and peer address to pasn_deauthenticate()
Need to copy own address and peer address locally and pass them to pasn_deauthenticate(), because this pointer data will be flushed from the PTKSA cache before sending the Deauthentication frame and these pointers to then-freed memory would be dereferenced.
Fixes: 24929543 ("PASN: Deauthenticate on PTKSA cache entry expiration")
Signed-off-by: Vinay Gannevaram
---
 wpa_supplicant/pasn_supplicant.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/wpa_supplicant/pasn_supplicant.c b/wpa_supplicant/pasn_supplicant.c
index a8d4e919b..fbef7f2df 100644
--- a/wpa_supplicant/pasn_supplicant.c
+++ b/wpa_supplicant/pasn_supplicant.c
@@ -781,8 +781,14 @@ static int wpas_pasn_immediate_retry(struct wpa_supplicant *wpa_s,
 static void wpas_pasn_deauth_cb(struct ptksa_cache_entry *entry)
 {
 struct wpa_supplicant *wpa_s = entry->ctx;
+ u8 own_addr[ETH_ALEN];
+ u8 peer_addr[ETH_ALEN];
- wpas_pasn_deauthenticate(wpa_s, entry->own_addr, entry->addr);
+ /* Use a copy of the addresses from the entry to avoid issues with the
+ * entry getting freed during deauthentication processing. */
+ os_memcpy(own_addr, entry->own_addr, ETH_ALEN);
+ os_memcpy(peer_addr, entry->addr, ETH_ALEN);
+ wpas_pasn_deauthenticate(wpa_s, own_addr, peer_addr);
 }
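Review bot: The use-after-free hazard stays in wpas_pasn_deauthenticate() itself, because only this call site in wpas_pasn_deauth_cb() now passes stack copies. Per the commit message, the callee flushes the PTKSA entry before it sends the Deauthentication frame, so any other caller that hands it pointers into a cache entry would dereference freed memory in the same way. Other callers are not visible in this hunk, so this needs checking rather than being a confirmed defect; copying the two addresses into locals at the top of wpas_pasn_deauthenticate() would cover every caller at once. The new comment should also name the mechanism rather than "issues", e.g. `/* wpas_pasn_deauthenticate() flushes the PTKSA entry before sending the frame, so entry->own_addr and entry->addr must not be passed directly. */`. It is also worth confirming that the code invoking this callback does not read `entry` after the callback returns.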