From a831d78b5fb6af549533456cda57f88d73f6d153 Mon Sep 17 00:00:00 2001
From: Deepthi Gowri
Date: Mon, 3 Sep 2012 11:55:38 +0300
Subject: Fix REMOVE_NETWORK to not run operations with invalid current_ssid
If the REMOVE_NETWORK command is used to delete the currently connected network, some operations were run between removing the network and clearing of wpa_s->current_ssid. This left wpa_s->current_ssid pointing to freed memory and should any operation end up using it before the pointer gets cleared, freed memory could be references. Avoid this by removing the network only after having completed the operations that clear wpa_s->current_ssid.
Signed-hostap: Deepthi Gowri
intended-for: hostap-1
---
wpa_supplicant/ctrl_iface.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'wpa_supplicant')
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index dbf8a84..89d6020 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -1881,8 +1881,7 @@ static int wpa_supplicant_ctrl_iface_remove_network(
 ssid = wpa_config_get_network(wpa_s->conf, id);
 if (ssid)
 wpas_notify_network_removed(wpa_s, ssid);
- if (ssid == NULL ||
- wpa_config_remove_network(wpa_s->conf, id) < 0) {
+ if (ssid == NULL) {
 wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find network "
 "id=%d", id);
 return -1;
@@ -1906,6 +1905,12 @@ static int wpa_supplicant_ctrl_iface_remove_network(
 wpa_supplicant_disassociate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
 }
+ if (wpa_config_remove_network(wpa_s->conf, id) < 0) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: Not able to remove the "
+ "network id=%d", id);
+ return -1;
+ }
+
 return 0;
 }
-- cgit v1.1
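Review bot: The deferred `wpa_config_remove_network()` call added at the end of the second hunk carries no comment saying why it must come last, so a later reordering could reintroduce the dangling `wpa_s->current_ssid` that the commit message describes. I would add above it `/* Remove the network only after the current_ssid cleanup above; removal frees ssid. */`. The new `return -1` path is also reached after `wpas_notify_network_removed()` and, for the current network, `wpa_supplicant_disassociate()` have already run, so a failed removal would return an error with listeners already told the network is gone and the link already dropped. Since `wpa_config_get_network()` has just found the same id this is presumably unreachable in practice, but logging it at a level above `MSG_DEBUG` would make it visible if it ever happens. The function body starts and continues outside both hunks, so the intermediate cleanup is only partly visible here.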