[PATCH] Double free on WPS error case
j at w1.fi
Fri Jan 30 14:19:42 EST 2009
On Fri, Jan 30, 2009 at 06:42:59PM +0900, Masashi Honma wrote:
> On "wpas_wps_init function" error case, "wps" area will be freed. But "wpas_wps_deinit" will free the identical area too on the trailing process.
How would wpas_wps_deinit() know what to free in the error case? The wps
pointer is lost when returning from wpas_wps_init() on all error paths.
I do not see a code path that would result in freeing the struct
wps_context data twice.
Jouni Malinen PGP id EFC895FA
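
The ownership argument in the reply above, as an added example that is not part of the original message and is not wpa_supplicant source: a simplified model in which all names (struct ctx, struct owner, init_publish_last, init_publish_first, deinit) are hypothetical. It uses a tracking allocator that only counts releases, so the contrasting case, where the pointer is stored in the owner before the error path runs, can be observed without performing a real double free.

```c
#include <stdio.h>
/* Simplified model with hypothetical names; not wpa_supplicant source. */
struct ctx { int frees; };                 /* how often this object was released */
struct owner { struct ctx *wps; };
static struct ctx pool[8];                 /* tracking allocator: nothing is really freed */
static int next_slot;

static struct ctx *ctx_alloc(void)
{
    return next_slot < 8 ? &pool[next_slot++] : NULL;  /* static pool starts zeroed */
}
static void ctx_free(struct ctx *c) { if (c) c->frees++; }

/* Pattern the reply describes: the pointer stays local until init succeeds. */
static int init_publish_last(struct owner *o, int fail)
{
    struct ctx *c = ctx_alloc();
    if (c == NULL) return -1;
    if (fail) { ctx_free(c); return -1; }  /* pointer is lost; o->wps is still NULL */
    o->wps = c;
    return 0;
}

/* Contrast: pointer stored in the owner first; the error path leaves it set. */
static int init_publish_first(struct owner *o, int fail)
{
    o->wps = ctx_alloc();
    if (o->wps == NULL) return -1;
    if (fail) { ctx_free(o->wps); return -1; }  /* stale pointer stays in o->wps */
    return 0;
}

static void deinit(struct owner *o) { ctx_free(o->wps); o->wps = NULL; }

/* Force init to fail, then run deinit; return how often the object was released. */
int frees_after_failed_init(int (*init)(struct owner *, int))
{
    struct owner o = { NULL };
    int slot = next_slot;
    if (slot >= 8) return -1;              /* tracking pool exhausted */
    init(&o, 1);
    deinit(&o);
    return pool[slot].frees;
}

int main(void)
{
    printf("publish last: %d free(s), publish first: %d free(s)\n",
           frees_after_failed_init(init_publish_last),
           frees_after_failed_init(init_publish_first));
    return 0;
}
```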