From a235aca316a8a4729735fecb00f7d7775b38d993 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 24 Aug 2013 23:31:06 +0300 Subject: [PATCH] Fix DETACH command debug prints to avoid use of freed memory In case a control interface socket is detached because of sendmsg() failing for the socket, function call to detach the socket uses a pointer to the socket information in the structure to be freed. Reorder code to print socket info before freeing the data to avoid use of freed memory in case debug prints are enabled. Signed-hostap: Jouni Malinen --- wpa_supplicant/ctrl_iface_udp.c | 6 +++--- wpa_supplicant/ctrl_iface_unix.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/wpa_supplicant/ctrl_iface_udp.c b/wpa_supplicant/ctrl_iface_udp.c index f3b660d0e..0f53d56c5 100644 --- a/wpa_supplicant/ctrl_iface_udp.c +++ b/wpa_supplicant/ctrl_iface_udp.c @@ -80,14 +80,14 @@ static int wpa_supplicant_ctrl_iface_detach(struct ctrl_iface_priv *priv, while (dst) { if (from->sin_addr.s_addr == dst->addr.sin_addr.s_addr && from->sin_port == dst->addr.sin_port) { + wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached " + "%s:%d", inet_ntoa(from->sin_addr), + ntohs(from->sin_port)); if (prev == NULL) priv->ctrl_dst = dst->next; else prev->next = dst->next; os_free(dst); - wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached " - "%s:%d", inet_ntoa(from->sin_addr), - ntohs(from->sin_port)); return 0; } prev = dst; diff --git a/wpa_supplicant/ctrl_iface_unix.c b/wpa_supplicant/ctrl_iface_unix.c index cd26eabf7..879ab7bc8 100644 --- a/wpa_supplicant/ctrl_iface_unix.c +++ b/wpa_supplicant/ctrl_iface_unix.c @@ -94,12 +94,12 @@ static int wpa_supplicant_ctrl_iface_detach(struct dl_list *ctrl_dst, os_memcmp(from->sun_path, dst->addr.sun_path, fromlen - offsetof(struct sockaddr_un, sun_path)) == 0) { - dl_list_del(&dst->list); - os_free(dst); wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor detached", (u8 *) from->sun_path, fromlen - offsetof(struct sockaddr_un, sun_path)); + dl_list_del(&dst->list); + os_free(dst); return 0; } }