diff options
author | Eyal Shapira <eyal@wizery.com> | 2012-08-02 11:30:24 +0300 |
---|---|---|
committer | Arik Nemtsov <arik@wizery.com> | 2012-08-02 12:57:44 +0300 |
commit | 6e72d7b7977bfd6310c38aa5d87de0982ddcbb4d (patch) | |
tree | 5347f4ef51ec4f0e2626334867a9e1beeac0a7ed /wpa_supplicant/wpa_supplicant_i.h | |
parent | 2e35a027db58930422b191fe361d3220a2530d71 (diff) | |
download | external_wpa_supplicant_8_ti-6e72d7b7977bfd6310c38aa5d87de0982ddcbb4d.zip external_wpa_supplicant_8_ti-6e72d7b7977bfd6310c38aa5d87de0982ddcbb4d.tar.gz external_wpa_supplicant_8_ti-6e72d7b7977bfd6310c38aa5d87de0982ddcbb4d.tar.bz2 |
Fix use-after-free bug when removing a connected network
When removing a network to which wpa_s is currently connected
the network wpa_ssid struct is freed however wpa_s->current_ssid
keeps pointing to it.
current_ssid is being used later on when handling the disassoc
event. This has been seen to lead to wpa_s crash as well as
using corrupted data from wpa_s->current_ssid.
Fix this by refactoring the removal code into a new function and
do the disconnection which uses wpa_s->current_ssid before the
actual removal. The refactoring is required as preparation for
fixes in additional places where this bug exists like dbus.
Changed wpa_supplicant_disassociate to wpa_supplicant_deauthenticate
as there's a mix of these in different handlers of remove network
which doesn't seem right.
Signed-off-by: Eyal Shapira <eyal@wizery.com>
Diffstat (limited to 'wpa_supplicant/wpa_supplicant_i.h')
-rw-r--r-- | wpa_supplicant/wpa_supplicant_i.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h index b608f29..8323547 100644 --- a/wpa_supplicant/wpa_supplicant_i.h +++ b/wpa_supplicant/wpa_supplicant_i.h @@ -611,7 +611,8 @@ void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s, int reason_code); void wpa_supplicant_disassociate(struct wpa_supplicant *wpa_s, int reason_code); - +void wpa_supplicant_remove_network(struct wpa_supplicant *wpa_s, + struct wpa_ssid *ssid); void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid); void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s, |