In case a control interface socket is detached because of sendmsg()
failing for the socket, function call to detach the socket uses a
pointer to the socket information in the structure to be freed. Reorder
code to print socket info before freeing the data to avoid use of freed
memory in case debug prints are enabled.
Signed-hostap: Jouni Malinen <j@w1.fi>
while (dst) {
if (from->sin_addr.s_addr == dst->addr.sin_addr.s_addr &&
from->sin_port == dst->addr.sin_port) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached "
+ "%s:%d", inet_ntoa(from->sin_addr),
+ ntohs(from->sin_port));
if (prev == NULL)
priv->ctrl_dst = dst->next;
else
prev->next = dst->next;
os_free(dst);
- wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached "
- "%s:%d", inet_ntoa(from->sin_addr),
- ntohs(from->sin_port));
return 0;
}
prev = dst;
os_memcmp(from->sun_path, dst->addr.sun_path,
fromlen - offsetof(struct sockaddr_un, sun_path))
== 0) {
- dl_list_del(&dst->list);
- os_free(dst);
wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor detached",
(u8 *) from->sun_path,
fromlen -
offsetof(struct sockaddr_un, sun_path));
+ dl_list_del(&dst->list);
+ os_free(dst);
return 0;
}
}