DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

DPP3: Fix potential use-after-free on push button bootstrap info

Browse source 
When removing the bootstrap info for the PB context, all the possible
pointers to that information needs to be cleared to avoid accesses to
freed memory.

Fixes: 37bccfcab8 ("DPP3: Push button bootstrap mechanism")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
Jouni Malinen 2024-01-22 12:41:02 +02:00 committed by Jouni Malinen
parent e3d6fce848
commit 9456adeeba
3 changed files with 17 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
wpa_supplicant/dpp_supplicant.c
View file

@ -5665,6 +5665,8 @@ void wpas_dpp_push_button_stop(struct wpa_supplicant *wpa_s)
if (wpa_s->dpp_pb_bi) {
char id[20];
if (wpa_s->dpp_pb_bi == wpa_s->dpp_pkex_bi)
wpa_s->dpp_pkex_bi = NULL;
os_snprintf(id, sizeof(id), "%u", wpa_s->dpp_pb_bi->id);
dpp_bootstrap_remove(wpa_s->dpp, id);
wpa_s->dpp_pb_bi = NULL;