[PATCH] wpa_supplicant: Fix access to the freed memory when removing all networks

Jaewan Kim jaewan at google.com
Mon Jan 28 23:37:34 EST 2013


A previous CL, 'Fix REMOVE_NETWORK to not run operations with invalid
current_ssid', fixed this issue for removing a single network; the same fix is
also needed for removing all networks.

Signed-hostap: Jaewan Kim <jaewan at google.com>

diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index ecafc6c..33deacc 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -2108,14 +2108,6 @@ static int wpa_supplicant_ctrl_iface_remove_network(
        /* cmd: "<network id>" or "all" */
        if (os_strcmp(cmd, "all") == 0) {
                wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_NETWORK all");
-               ssid = wpa_s->conf->ssid;
-               while (ssid) {
-                       struct wpa_ssid *remove_ssid = ssid;
-                       id = ssid->id;
-                       ssid = ssid->next;
-                       wpas_notify_network_removed(wpa_s, remove_ssid);
-                       wpa_config_remove_network(wpa_s->conf, id);
-               }
                eapol_sm_invalidate_cached_session(wpa_s->eapol);
                if (wpa_s->current_ssid) {
 #ifdef CONFIG_SME
@@ -2126,6 +2118,14 @@ static int wpa_supplicant_ctrl_iface_remove_network(
                        wpa_supplicant_deauthenticate(
                                wpa_s, WLAN_REASON_DEAUTH_LEAVING);
                }
+               ssid = wpa_s->conf->ssid;
+               while (ssid) {
+                       struct wpa_ssid *remove_ssid = ssid;
+                       id = ssid->id;
+                       ssid = ssid->next;
+                       wpas_notify_network_removed(wpa_s, remove_ssid);
+                       wpa_config_remove_network(wpa_s->conf, id);
+               }
                return 0;
        }
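Review bot: The placement of the re-added removal loop after `wpa_supplicant_deauthenticate()` is what prevents the use-after-free, but nothing in the code says so, so a later cleanup could move the loop back above the `if (wpa_s->current_ssid)` block. I would add a comment above `ssid = wpa_s->conf->ssid;`: `/* Remove networks only after deauthentication; the disconnect path above still uses wpa_s->current_ssid, which points into this list. */`. The fix also depends on `wpa_s->current_ssid` no longer pointing at a freed entry once the loop has run; the deauthenticate call presumably clears it, but that is not visible in this hunk and is worth confirming, along with any other cached `struct wpa_ssid` pointers. The body of `wpa_supplicant_ctrl_iface_remove_network` starts before and continues after the hunk.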