mesh: Fix SAE reauthentication processing

ap_free_sta() frees the sta entry, so sta->addr cannot be used after
that call. Fix the sequence of these two calls to avoid use of freed
memory to determine which PMKSA cache entry to remove.

Fixes: 9f2cf23e2e ("mesh: Add support for PMKSA caching")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2019-04-15 21:57:58 +03:00 committed by Jouni Malinen
parent 2f68051395
commit 153d4c501a

View File

@ -896,8 +896,8 @@ static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta,
wpa_printf(MSG_DEBUG, "SAE: remove the STA (" MACSTR wpa_printf(MSG_DEBUG, "SAE: remove the STA (" MACSTR
") doing reauthentication", ") doing reauthentication",
MAC2STR(sta->addr)); MAC2STR(sta->addr));
ap_free_sta(hapd, sta);
wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr); wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
ap_free_sta(hapd, sta);
} else if (auth_transaction == 1) { } else if (auth_transaction == 1) {
wpa_printf(MSG_DEBUG, "SAE: Start reauthentication"); wpa_printf(MSG_DEBUG, "SAE: Start reauthentication");
ret = auth_sae_send_commit(hapd, sta, bssid, 1); ret = auth_sae_send_commit(hapd, sta, bssid, 1);