FST: Fix MB IE clearing on detach

This fixes an issue where freed MB IEs buffer memory could potentially
have been accessed after an interface is detached from FST group.
Without this fix, if an interface is detached from FST group, it can use
MB IEs buffer previously set by fst_iface_set_ies(), although the buffer
was released by fst_iface_delete().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/fst/fst_iface.c b/src/fst/fst_iface.c
index 4fba9b1..5a92d2c 100644 (file)
--- a/src/fst/fst_iface.c
+++ b/src/fst/fst_iface.c
@@ -43,6 +43,7 @@ struct fst_iface * fst_iface_create(struct fst_group *g, const char *ifname,
 
 void fst_iface_delete(struct fst_iface *i)
 {
+       fst_iface_set_ies(i, NULL);
        wpabuf_free(i->mb_ie);
        os_free(i);
 }