From f0477201bd57cc509535a14f822d0ab5e1b1651c Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Thu, 18 Dec 2008 01:06:06 +0200
Subject: [PATCH] WPS: Fixed deinit code for freeing config and registrar data

We need to be a bit more careful when removing the WPS configuration block since wpa_s->current_ssid may still be pointing at it. In addition, registrar pointer in wps_context will need to be cleared since the context data is now maintained over multiple EAP-WSC runs. Without this, certain WPS operations could have used freed memory.
---
 src/eap_peer/eap_wsc.c | 1 +
 wpa_supplicant/wps_supplicant.c | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/eap_peer/eap_wsc.c b/src/eap_peer/eap_wsc.c
index 7b8affc23..a22c5d6d9 100644
--- a/src/eap_peer/eap_wsc.c
+++ b/src/eap_peer/eap_wsc.c
@@ -224,6 +224,7 @@ static void eap_wsc_deinit(struct eap_sm *sm, void *priv)
 wpabuf_free(data->out_buf);
 wps_deinit(data->wps);
 wps_registrar_deinit(data->wps_ctx->registrar);
+ data->wps_ctx->registrar = NULL;
 os_free(data->wps_ctx->network_key);
 data->wps_ctx->network_key = NULL;
 os_free(data);
diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c
index b3f4882af..dcd072473 100644
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
@@ -200,9 +200,11 @@ static void wpas_clear_wps(struct wpa_supplicant *wpa_s)
 /* Remove any existing WPS network from configuration */
 ssid = wpa_s->conf->ssid;
 while (ssid) {
- if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
+ if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
+ if (ssid == wpa_s->current_ssid)
+ wpa_s->current_ssid = NULL;
 id = ssid->id;
- else
+ } else
 id = -1;
 ssid = ssid->next;
 if (id >= 0)
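Review bot: In eap_wsc_deinit() (src/eap_peer/eap_wsc.c), the new `data->wps_ctx->registrar = NULL;` leaves a NULL registrar in a context that, per the commit message, is kept across EAP-WSC runs, so every later reader of `wps_ctx->registrar` has to tolerate NULL. That includes a second pass through this deinit, which would call `wps_registrar_deinit(NULL)`. Neither the NULL handling of wps_registrar_deinit() nor the re-creation of the registrar on the next init is visible in this hunk, so both should be confirmed. A short comment above the two clears would record why they are needed, e.g. `/* wps_ctx outlives this EAP-WSC instance; do not leave pointers to freed data in it */`. The function body starts and ends outside the hunk.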
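Review bot: In wpas_clear_wps() (wpa_supplicant/wps_supplicant.c), the added check resets only `wpa_s->current_ssid`, but the network block about to be removed may be referenced elsewhere too. If the EAPOL state machine was given this network's EAP configuration, it would presumably still hold a pointer into the freed block, and the association state is left as it was. The removal call itself is below the hunk, so this is inferred; if it applies, the branch should also detach that state next to the reset, e.g. `eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);`. As a style point, the braced `if` is now followed by an unbraced `else`; `} else {` / `id = -1;` / `}` keeps the two arms consistent. The loop continues past the end of the hunk.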