WPS: Fixed deinit code for freeing config and registrar data

We need to be a bit more careful when removing the WPS configuration
block since wpa_s->current_ssid may still be pointing at it. In
addition, registrar pointer in wps_context will need to be cleared
since the context data is now maintained over multiple EAP-WSC runs.
Without this, certain WPS operations could have used freed memory.
Jouni Malinen 2008-12-18 01:06:06 +02:00
parent 47f72245e2
commit f0477201bd
2 changed files with 5 additions and 2 deletions


@ -224,6 +224,7 @@ static void eap_wsc_deinit(struct eap_sm *sm, void *priv)
wpabuf_free(data->out_buf); wpabuf_free(data->out_buf);
wps_deinit(data->wps); wps_deinit(data->wps);
wps_registrar_deinit(data->wps_ctx->registrar); wps_registrar_deinit(data->wps_ctx->registrar);
data->wps_ctx->registrar = NULL;
os_free(data->wps_ctx->network_key); os_free(data->wps_ctx->network_key);
data->wps_ctx->network_key = NULL; data->wps_ctx->network_key = NULL;
os_free(data); os_free(data);
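Review bot: The added `data->wps_ctx->registrar = NULL;` in eap_wsc_deinit() has no comment explaining that wps_ctx outlives this EAP-WSC session, so the reason for clearing the pointer lives only in the commit message. A comment such as `/* wps_ctx is reused across EAP-WSC runs; do not leave a dangling registrar pointer */` above that line would keep a later cleanup from dropping it. The `network_key` lines just below already follow the free-then-NULL pattern, but the buffer is released with `os_free()` without being cleared first; since it holds key material, wiping it before the free is worth considering. The start of the function lies outside the hunk.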


@ -200,9 +200,11 @@ static void wpas_clear_wps(struct wpa_supplicant *wpa_s)
/* Remove any existing WPS network from configuration */ /* Remove any existing WPS network from configuration */
ssid = wpa_s->conf->ssid; ssid = wpa_s->conf->ssid;
while (ssid) { while (ssid) {
if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
if (ssid == wpa_s->current_ssid)
wpa_s->current_ssid = NULL;
id = ssid->id; id = ssid->id;
else } else
id = -1; id = -1;
ssid = ssid->next; ssid = ssid->next;
if (id >= 0) if (id >= 0)
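Review bot: The new `current_ssid` test inside the `while (ssid)` loop of wpas_clear_wps() has no comment saying why the pointer is cleared before the entry is removed, so the use-after-free rationale is only in the commit message. A line such as `/* current_ssid must not be left pointing at the entry removed below */` above `if (ssid == wpa_s->current_ssid)` would keep that reasoning with the code. The `if` branch is now braced while its `else` is not; bracing both (`} else {` … `}`) would read more consistently. The removal call and the rest of the loop body fall after the hunk's last line, so whether any other pointer to the removed network also needs resetting cannot be judged from here.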