[PATCH] Patch to fix supplicant crash seen in P2P WPS overlap case.

Jithu Jance jithu at broadcom.com
Sat Oct 22 00:50:28 EDT 2011


Patch to fix supplicant crash seen in P2P WPS overlap case. Once overlap
is detected, the wpa_s corresponding to P2P Group formation is freed.
This patch avoids accessing the wpa_s data structure after it is freed.
Please see whether the patch is okay.

---
 wpa_supplicant/events.c           |   16 +++++++++++-----
 wpa_supplicant/wpa_supplicant_i.h |    2 +-
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 4ec935e..f42a6e6 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -706,7 +706,7 @@ static void wpa_supplicant_req_new_scan(struct wpa_supplicant *wpa_s,
 }
 
 
-void wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
+int wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
 			    struct wpa_bss *selected,
 			    struct wpa_ssid *ssid)
 {
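Review bot: The new int return value of wpa_supplicant_connect() is undocumented, yet it carries a lifetime contract that callers cannot infer from the signature. Going by the commit description, -1 comes from the PBC overlap path where the wpa_s used for P2P group formation may already be freed, so a comment above the definition should say so, e.g. `/* Returns 0 if association was started, skipped or a new scan was requested; -1 on PBC session overlap, after which wpa_s may have been freed and must not be dereferenced. */`. The function body continues outside this hunk. As a style point, the continuation lines `struct wpa_bss *selected,` and `struct wpa_ssid *ssid)` are still aligned for the longer `void` and now sit one column too far right, here and in the wpa_supplicant_i.h prototype.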
@@ -715,13 +715,13 @@ void wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
 			"PBC session overlap");
 #ifdef CONFIG_P2P
 		if (wpas_p2p_notif_pbc_overlap(wpa_s) == 1)
-			return;
+			return -1;
 #endif /* CONFIG_P2P */
 
 #ifdef CONFIG_WPS
 		wpas_wps_cancel(wpa_s);
 #endif /* CONFIG_WPS */
-		return;
+		return -1;
 	}
 
 	/*
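Review bot: Both exits of the PBC overlap branch now return -1, so the caller cannot tell them apart. One is the case where wpas_p2p_notif_pbc_overlap() returned 1, which the description ties to the freed wpa_s. The other is the plain WPS case, which only calls wpas_wps_cancel() and presumably leaves wpa_s valid. If -1 means "wpa_s may be gone", the second exit overstates it; if it means only "no connection attempted", the caller has no signal for the dangerous case. Consider distinct return values, or at least a comment on each `return -1;` stating whether wpa_s is still usable afterwards; the branch itself starts above this hunk.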
@@ -737,7 +737,7 @@ void wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
 	      0))) {
 		if (wpa_supplicant_scard_init(wpa_s, ssid)) {
 			wpa_supplicant_req_new_scan(wpa_s, 10, 0);
-			return;
+			return 0;
 		}
 		wpa_msg(wpa_s, MSG_DEBUG, "Request association: "
 			"reassociate: %d  selected: "MACSTR "  bssid: " MACSTR
@@ -750,6 +750,8 @@ void wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
 		wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with the "
 			"selected AP");
 	}
+
+	return 0;
 }
 
 
@@ -975,7 +977,11 @@ static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s,
 		wpa_scan_results_free(scan_res);
 		if (skip)
 			return 0;
-		wpa_supplicant_connect(wpa_s, selected, ssid);
+
+		if(wpa_supplicant_connect(wpa_s, selected, ssid) < 0) {
+			wpa_dbg(wpa_s, MSG_DEBUG, "Connect Failed");
+			return -1;
+		}
 		wpa_supplicant_rsn_preauth_scan_results(wpa_s);
 	} else {
 		wpa_scan_results_free(scan_res);
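Review bot: The failure branch passes wpa_s to `wpa_dbg(wpa_s, MSG_DEBUG, "Connect Failed");` immediately after wpa_supplicant_connect() returned -1, which per the commit description is the case where wpa_s has been freed. If wpa_dbg reads anything through wpa_s (its definition is not part of this patch), this reintroduces the use-after-free the patch sets out to remove; logging without the interface pointer, `wpa_printf(MSG_DEBUG, "Connect failed");`, avoids the access. The -1 is also propagated out of _wpa_supplicant_event_scan_results(), so its callers, which are outside this hunk, need the same rule: no access to wpa_s after a negative return. Style: `if(` should be `if (` to match the surrounding code.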
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 54f5cc4..afcfda9 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -671,7 +671,7 @@ int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s);
 
 /* events.c */
 void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s);
-void wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
+int wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
 			    struct wpa_bss *selected,
 			    struct wpa_ssid *ssid);
 
-- 
1.7.4.1


- Jithu Jance.

