[PATCH] dbus: Reorder deauthentication and cleanup calls when removing a network.

Hannu Mallat hannu.mallat at jollamobile.com
Mon May 12 07:33:12 EDT 2014


Valgrind indicates reference to already freed memory if function
wpa_config_remove_network() is called prior to calling
wpa_supplicant_deauthenticate(), and this can lead to a crash.
Inverting the call order fixes the problem.

Signed-off-by: Hannu Mallat <hannu.mallat at jollamobile.com>
---
 wpa_supplicant/dbus/dbus_new_handlers.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
index 33a1ba9..dfcae19 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
@@ -1583,16 +1583,6 @@ DBusMessage * wpas_dbus_handler_remove_network(DBusMessage *message,
 
 	wpas_notify_network_removed(wpa_s, ssid);
 
-	if (wpa_config_remove_network(wpa_s->conf, id) < 0) {
-		wpa_printf(MSG_ERROR,
-			   "wpas_dbus_handler_remove_network[dbus]: "
-			   "error occurred when removing network %d", id);
-		reply = wpas_dbus_error_unknown_error(
-			message, "error removing the specified network on "
-			"this interface.");
-		goto out;
-	}
-
 	if (ssid == wpa_s->current_ssid)
 		wpa_supplicant_deauthenticate(wpa_s,
 					      WLAN_REASON_DEAUTH_LEAVING);
@@ -1603,6 +1593,16 @@ DBusMessage * wpas_dbus_handler_remove_network(DBusMessage *message,
 		wpa_supplicant_req_scan(wpa_s, 0, 0);
 	}
 
+	if (wpa_config_remove_network(wpa_s->conf, id) < 0) {
+		wpa_printf(MSG_ERROR,
+			   "wpas_dbus_handler_remove_network[dbus]: "
+			   "error occurred when removing network %d", id);
+		reply = wpas_dbus_error_unknown_error(
+			message, "error removing the specified network on "
+			"this interface.");
+		goto out;
+	}
+
 
 out:
 	os_free(iface);
-- 
1.8.5.3



More information about the HostAP mailing list