mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-17 18:34:03 -05:00
Fix RSN preauth candidate list clearing to avoid segfaults
Commit c5b26e33c1
broke the processing
of the candidate list entries when an old entry was either removed or
reused. The entry needs to be removed from the list to avoid leaving
pointers to freed memory.
http://bugs.gentoo.org/show_bug.cgi?id=330085
http://w1.fi/bugz/show_bug.cgi?id=372
This commit is contained in:
parent
ba2d0d7d68
commit
6c78ae1443
@ -49,9 +49,11 @@ void pmksa_candidate_free(struct wpa_sm *sm)
|
||||
return;
|
||||
|
||||
dl_list_for_each_safe(entry, n, &sm->pmksa_candidates,
|
||||
struct rsn_pmksa_candidate, list)
|
||||
struct rsn_pmksa_candidate, list) {
|
||||
dl_list_del(&entry->list);
|
||||
os_free(entry);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static void rsn_preauth_receive(void *ctx, const u8 *src_addr,
|
||||
@ -378,6 +380,7 @@ void pmksa_candidate_add(struct wpa_sm *sm, const u8 *bssid,
|
||||
}
|
||||
|
||||
if (cand) {
|
||||
dl_list_del(&cand->list);
|
||||
if (prio < PMKID_CANDIDATE_PRIO_SCAN)
|
||||
cand->priority = prio;
|
||||
} else {
|
||||
|
Loading…
Reference in New Issue
Block a user