Clear EAPOL supplicant configuration info on current_ssid changes

There were some code paths that allowed obsolete configuration data
pointer to be maintained within EAPOL supplicant in case a network was
removed while not connection to it (i.e., wpa_s->current_ssid not
pointing to the network that was removed). This could result in use of
freed memory, e.g., from eap_sm_notify_ctrl_attached() when a new
control interface connected prior to the EAPOL supplicant configuration
pointer got updated.

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2013-08-25 19:46:57 +03:00
parent 0185007c2e
commit 25a8f9e316
3 changed files with 7 additions and 1 deletions

View File

@ -14,6 +14,7 @@
#include "utils/uuid.h"
#include "common/ieee802_11_defs.h"
#include "common/wpa_ctrl.h"
#include "eapol_supp/eapol_supp_sm.h"
#include "ap/hostapd.h"
#include "ap/ap_config.h"
#include "ap/ap_drv_ops.h"
@ -582,6 +583,7 @@ int wpa_supplicant_create_ap(struct wpa_supplicant *wpa_s,
hapd_iface->bss[0]->drv_priv = wpa_s->drv_priv;
wpa_s->current_ssid = ssid;
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
os_memcpy(wpa_s->bssid, wpa_s->own_addr, ETH_ALEN);
wpa_s->assoc_freq = ssid->frequency;
@ -605,6 +607,7 @@ void wpa_supplicant_ap_deinit(struct wpa_supplicant *wpa_s)
return;
wpa_s->current_ssid = NULL;
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
wpa_s->assoc_freq = 0;
#ifdef CONFIG_P2P
if (wpa_s->ap_iface->bss)

View File

@ -187,6 +187,7 @@ void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s)
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
wpa_s->ap_ies_from_associnfo = 0;
wpa_s->current_ssid = NULL;
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
wpa_s->key_mgmt = 0;
}

View File

@ -1912,8 +1912,10 @@ void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
return;
}
if (ssid)
if (ssid) {
wpa_s->current_ssid = ssid;
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
}
wpa_s->connect_without_scan = NULL;
wpa_s->disconnected = 0;
wpa_s->reassociate = 1;