<meta http-equiv="content-type" content="text/html; charset=utf-8"><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; ">Patch to fix supplicant crash seen in P2P WPS overlap case. Once overlap<br>
is detected, the wpa_s corresponding to P2P Group formation is freed.<br>This patch avoids accessing the wpa_s data structure after it is freed.<br>Kinldy see whether the patch is okay.<br><br>---<br> wpa_supplicant/events.c | 16 +++++++++++-----<br>
wpa_supplicant/wpa_supplicant_i.h | 2 +-<br> 2 files changed, 12 insertions(+), 6 deletions(-)<br><br>diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c<br>index 4ec935e..f42a6e6 100644<br>--- a/wpa_supplicant/events.c<br>
+++ b/wpa_supplicant/events.c<br>@@ -706,7 +706,7 @@ static void wpa_supplicant_req_new_scan(struct wpa_supplicant *wpa_s,<br> }<br><br><br>-void wpa_supplicant_connect(struct wpa_supplicant *wpa_s,<br>+int wpa_supplicant_connect(struct wpa_supplicant *wpa_s,<br>
struct wpa_bss *selected,<br> struct wpa_ssid *ssid)<br> {<br>@@ -715,13 +715,13 @@ void wpa_supplicant_connect(struct wpa_supplicant *wpa_s,<br> "PBC session overlap");<br>
#ifdef CONFIG_P2P<br> if (wpas_p2p_notif_pbc_overlap(wpa_s) == 1)<br>- return;<br>+ return -1;<br> #endif /* CONFIG_P2P */<br><br> #ifdef CONFIG_WPS<br> wpas_wps_cancel(wpa_s);<br>
#endif /* CONFIG_WPS */<br>- return;<br>+ return -1;<br> }<br><br> /*<br>@@ -737,7 +737,7 @@ void wpa_supplicant_connect(struct wpa_supplicant *wpa_s,<br> 0))) {<br> if (wpa_supplicant_scard_init(wpa_s, ssid)) {<br>
wpa_supplicant_req_new_scan(wpa_s, 10, 0);<br>- return;<br>+ return 0;<br> }<br> wpa_msg(wpa_s, MSG_DEBUG, "Request association: "<br>
"reassociate: %d selected: "MACSTR " bssid: " MACSTR<br>@@ -750,6 +750,8 @@ void wpa_supplicant_connect(struct wpa_supplicant *wpa_s,<br> wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with the "<br>
"selected AP");<br> }<br>+<br>+ return 0;<br> }<br><br><br>@@ -975,7 +977,11 @@ static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s,<br> wpa_scan_results_free(scan_res);<br>
if (skip)<br> return 0;<br>- wpa_supplicant_connect(wpa_s, selected, ssid);<br>+<br>+ if(wpa_supplicant_connect(wpa_s, selected, ssid) < 0) {<br>+ wpa_dbg(wpa_s, MSG_DEBUG, "Connect Failed");<br>
+ return -1;<br>+ }<br> wpa_supplicant_rsn_preauth_scan_results(wpa_s);<br> } else {<br> wpa_scan_results_free(scan_res);<br>diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h<br>
index 54f5cc4..afcfda9 100644<br>--- a/wpa_supplicant/wpa_supplicant_i.h<br>+++ b/wpa_supplicant/wpa_supplicant_i.h<br>@@ -671,7 +671,7 @@ int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s);<br><br> /* events.c */<br>
void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s);<br>-void wpa_supplicant_connect(struct wpa_supplicant *wpa_s,<br>+int wpa_supplicant_connect(struct wpa_supplicant *wpa_s,<br> struct wpa_bss *selected,<br>
struct wpa_ssid *ssid);<br><font color="#888888"><br>--<br>1.7.4.1<br><br></font></span><br><span style="font-family:courier new,monospace;color:rgb(102, 102, 102)">- <b><font size="2">Jithu Jance.</font></b></span><br>
<br>