[PATCH] p2p: fix rogue pointer access
j at w1.fi
Wed Oct 19 17:34:45 EDT 2011
On Wed, Oct 19, 2011 at 10:30:13AM -0700, Angie Chinchilla wrote:
> From: Reinette Chatre <reinette.chatre at intel.com>
> When an interface is added a new wpa_supplicant struct is allocated and
> initialized, which includes P2P initialization. At this time the local
> (touching the wpa_supplicant struct) and global (touching the global
> p2p_data and p2p_config) P2P initialization is done. The global P2P
> initialization only needs to be done once and indeed the test "if
> (global->p2p)" is used to decide whether to do the global initialization or

> A problem is that the global p2p_config structure contains a pointer to the
> newly created wpa_supplicant structure associated with the interface.

Incorrect.. The pointer in global P2P data is supposed to point to the
parent interface, i.e., the wpa_s instance that did indeed run

> an interface is created it thus needs to be ensured that the global P2P data
> structures point to the right interface information. Thus, when an interface
> is created the global P2P information needs to be updated to point to the new
> wpa_supplicant struct.

No, that is not the way this is supposed to work. The new interface here
is likely to be used for a P2P group and at the end of that group, it
will be removed. That would leave wrong pointers in the global P2P data.

> If the above is not done and a new interface is created, for example after
> a resume, then the P2P data will point to invalid memory and weird things

There is something else here.. Are you removing the parent interface
somehow? That is not really supported currently and I guess it should
really result in removing all dynamic P2P interfaces and deinitializing
the global P2P data..
Jouni Malinen PGP id EFC895FA
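The ownership rule argued for in the reply above, as an added illustration that is not hostap code and does not use wpa_supplicant's real structures: a process-wide P2P context keeps a single back-pointer to the parent interface that initialized it, dynamically created group interfaces are never stored there (they disappear when the group ends, which is exactly what would leave a dangling pointer), and removing the parent tears down every dynamic interface and deinitializes the global P2P data. The struct and function names (`struct global`, `struct p2p_global`, `iface_add`, `iface_remove`, `p2p_parent_is_valid`) are invented for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified model. Names are invented for illustration and
 * do not correspond to wpa_supplicant's own data structures. */

struct iface {
    char name[24];
    int is_dynamic;          /* 1 for a P2P group interface created on demand */
    struct iface *next;
};

struct p2p_global {
    struct iface *parent;    /* the ONLY interface this may ever point to */
};

struct global {
    struct iface *ifaces;    /* singly linked list of all live interfaces */
    struct p2p_global *p2p;  /* NULL until the first (parent) interface */
};

int iface_count(const struct global *g)
{
    int n = 0;
    for (const struct iface *i = g->ifaces; i; i = i->next)
        n++;
    return n;
}

/* 1 if the global P2P back-pointer refers to a live, non-dynamic interface;
 * 0 if there is no P2P context or the pointer would be dangling. */
int p2p_parent_is_valid(const struct global *g)
{
    if (!g->p2p || !g->p2p->parent)
        return 0;
    for (const struct iface *i = g->ifaces; i; i = i->next)
        if (i == g->p2p->parent)
            return !i->is_dynamic;
    return 0;                /* parent no longer in the list: dangling */
}

/* Add an interface. Global P2P is initialized once, by the first interface,
 * and later interfaces (dynamic or not) leave the back-pointer untouched. */
struct iface *iface_add(struct global *g, const char *name, int dynamic)
{
    struct iface *wpa_s = calloc(1, sizeof(*wpa_s));
    if (!wpa_s)
        return NULL;
    snprintf(wpa_s->name, sizeof(wpa_s->name), "%s", name);
    wpa_s->is_dynamic = dynamic;
    wpa_s->next = g->ifaces;
    g->ifaces = wpa_s;

    if (!g->p2p) {
        g->p2p = calloc(1, sizeof(*g->p2p));
        if (g->p2p)
            g->p2p->parent = wpa_s;   /* set exactly once */
    }
    return wpa_s;
}

/* Unlink and free one interface; returns 1 if it was in the list. */
static int unlink_and_free(struct global *g, struct iface *wpa_s)
{
    struct iface **pp = &g->ifaces;
    while (*pp && *pp != wpa_s)
        pp = &(*pp)->next;
    if (!*pp)
        return 0;
    *pp = wpa_s->next;
    free(wpa_s);
    return 1;
}

/* Remove an interface. Removing a dynamic group interface never touches the
 * global P2P data. Removing the parent first removes every dynamic interface
 * and then deinitializes global P2P, so nothing is left pointing at freed
 * memory. Returns the total number of interfaces removed. */
int iface_remove(struct global *g, struct iface *wpa_s)
{
    int removed = 0;
    if (g->p2p && g->p2p->parent == wpa_s) {
        struct iface *i = g->ifaces;
        while (i) {
            struct iface *next = i->next;   /* save before freeing */
            if (i->is_dynamic)
                removed += unlink_and_free(g, i);
            i = next;
        }
        free(g->p2p);
        g->p2p = NULL;
    }
    return removed + unlink_and_free(g, wpa_s);
}

int main(void)
{
    struct global g = {0};
    struct iface *parent = iface_add(&g, "wlan0", 0);
    struct iface *grp = iface_add(&g, "p2p-wlan0-0", 1);
    printf("parent valid after group add: %d\n", p2p_parent_is_valid(&g));
    iface_remove(&g, grp);
    printf("parent valid after group end: %d\n", p2p_parent_is_valid(&g));
    iface_remove(&g, parent);
    printf("p2p context gone: %d, ifaces left: %d\n", g.p2p == NULL, iface_count(&g));
    return 0;
}
```

The point of `p2p_parent_is_valid` is the invariant to check: the back-pointer must always resolve to an interface that is still in the list and is not a transient group interface. Had `iface_add` re-pointed it at each new interface, as the quoted patch proposed, the check would fail the moment a group interface was removed.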