BSS: Fix use-after-realloc

After reallocation of the bss struct, current_bss wasn't updated and
could hold an invalid pointer (which might get dereferenced later).

Update current_bss if the pointer was changed.

Signed-hostap: Eliad Peller <eliad@wizery.com>
intended-for: hostap-1
This commit is contained in:
Eliad Peller 2012-03-05 17:09:55 +02:00 committed by Jouni Malinen
parent e19467e161
commit eb37e085a4

View file

@ -328,6 +328,8 @@ static void wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
nbss = os_realloc(bss, sizeof(*bss) + res->ie_len + nbss = os_realloc(bss, sizeof(*bss) + res->ie_len +
res->beacon_ie_len); res->beacon_ie_len);
if (nbss) { if (nbss) {
if (wpa_s->current_bss == bss)
wpa_s->current_bss = nbss;
bss = nbss; bss = nbss;
os_memcpy(bss + 1, res + 1, os_memcpy(bss + 1, res + 1,
res->ie_len + res->beacon_ie_len); res->ie_len + res->beacon_ie_len);