BSS: Fix use-after-realloc
After reallocation of the bss struct, current_bss wasn't updated and could hold an invalid pointer (which might get dereferenced later). Update current_bss if the pointer was changed. Signed-hostap: Eliad Peller <eliad@wizery.com> intended-for: hostap-1
This commit is contained in:
parent
e19467e161
commit
eb37e085a4
1 changed files with 2 additions and 0 deletions
|
@ -328,6 +328,8 @@ static void wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
|
||||||
nbss = os_realloc(bss, sizeof(*bss) + res->ie_len +
|
nbss = os_realloc(bss, sizeof(*bss) + res->ie_len +
|
||||||
res->beacon_ie_len);
|
res->beacon_ie_len);
|
||||||
if (nbss) {
|
if (nbss) {
|
||||||
|
if (wpa_s->current_bss == bss)
|
||||||
|
wpa_s->current_bss = nbss;
|
||||||
bss = nbss;
|
bss = nbss;
|
||||||
os_memcpy(bss + 1, res + 1,
|
os_memcpy(bss + 1, res + 1,
|
||||||
res->ie_len + res->beacon_ie_len);
|
res->ie_len + res->beacon_ie_len);
|
||||||
|
|
Loading…
Reference in a new issue