From d6afe03660ffdc6b6bee9a293a051769720060c6 Mon Sep 17 00:00:00 2001
From: Ashok Kumar Ponnaiah
Date: Wed, 14 Oct 2015 16:01:30 +0300
Subject: [PATCH] atheros: Fix hapd_deinit() handler with generic IEs set

atheros_set_opt_ie() needs to be called before freeing drv->wpa_ie to avoid hitting double-free on the deinit path. Similarly, drv->wps_beacon_ie and drv->wps_probe_resp_ie could have been used after being freed. Fix these be moving the atheros_set_opt_ie() call in atheros_deinit().

Signed-off-by: Jouni Malinen
---
 src/drivers/driver_atheros.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/drivers/driver_atheros.c b/src/drivers/driver_atheros.c
index dbc150376..b786ad2a2 100644
--- a/src/drivers/driver_atheros.c
+++ b/src/drivers/driver_atheros.c
@@ -1704,10 +1704,10 @@ atheros_deinit(void *priv)
 atheros_reset_appfilter(drv);
 if (drv->wpa_ie || drv->wps_beacon_ie || drv->wps_probe_resp_ie) {
+ atheros_set_opt_ie(priv, NULL, 0);
 wpabuf_free(drv->wpa_ie);
 wpabuf_free(drv->wps_beacon_ie);
 wpabuf_free(drv->wps_probe_resp_ie);
- atheros_set_opt_ie(priv, NULL, 0);
 }
 netlink_deinit(drv->netlink);
 (void) linux_set_iface_flags(drv->ioctl_sock, drv->iface, 0);
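Review bot: Inside the `if` block, the order of `atheros_set_opt_ie(priv, NULL, 0)` relative to the three `wpabuf_free()` calls is now what prevents the double-free and use-after-free, yet nothing in the code records that constraint. The freed pointers are also left non-NULL in `drv`. A comment above the call would stop a later cleanup from reordering it, for example `/* Must run before the frees below: atheros_set_opt_ie() still accesses drv->wpa_ie and the WPS IE buffers. */`. Clearing the fields after the frees, `drv->wpa_ie = drv->wps_beacon_ie = drv->wps_probe_resp_ie = NULL;`, would make any later access fail safely instead of touching freed memory. The rest of atheros_deinit() lies outside the hunk, so whether `drv` is used again after this block cannot be confirmed from here.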