[PATCH] wpa_supplicant: Fix crash when terminating all interfaces

[Ilan Peer]

From: Moshe Benji <Moshe.Benji at intel.com>

In wpa_supplicant_terminate_proc(), while iterating and
terminating interfaces, after an interface is terminated
we can no longer access its memory as it is no longer valid
and causes a crash.

Fix this by saving the pointer to the next interface before freeing
the current one to avoid accessing an invalid memory location.

Signed-hostap: Moshe Benji <moshe.benji at intel.com>
---
 wpa_supplicant/wpa_supplicant.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index e8bca8a..bbeca7d 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -725,6 +725,7 @@ void wpa_supplicant_terminate_proc(struct wpa_global *global)
 #ifdef CONFIG_WPS
 	struct wpa_supplicant *wpa_s = global->ifaces;
 	while (wpa_s) {
+		struct wpa_supplicant *next = wpa_s->next;
 #ifdef CONFIG_P2P
 		if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
 		    (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
@@ -732,7 +733,7 @@ void wpa_supplicant_terminate_proc(struct wpa_global *global)
 #endif /* CONFIG_P2P */
 		if (wpas_wps_terminate_pending(wpa_s) == 1)
 			pending = 1;
-		wpa_s = wpa_s->next;
+		wpa_s = next;
 	}
 #endif /* CONFIG_WPS */
 	if (pending)
-- 
1.7.10.4