From: Jouni Malinen Date: Sat, 21 Nov 2009 10:12:49 +0000 (+0200) Subject: WPS ER: Fix AP entry freeing on timeout X-Git-Tag: hostap_0_7_0~22 X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;h=7c04d5ec6c27299fc6feadcfab167a97093c976c;hp=b3f371cabf178935542583495ef3f51678bcf3bd;p=libeap.git WPS ER: Fix AP entry freeing on timeout Must unlink the entry first before trying to remove it to avoid leaving behind pointers to freed memory. --- diff --git a/src/wps/wps_er.c b/src/wps/wps_er.c index f2fa9c5..26bac70 100644 --- a/src/wps/wps_er.c +++ b/src/wps/wps_er.c @@ -268,11 +268,30 @@ static void wps_er_ap_free(struct wps_er *er, struct wps_er_ap *ap) } +static void wps_er_ap_unlink(struct wps_er *er, struct wps_er_ap *ap) +{ + struct wps_er_ap *prev, *tmp; + tmp = er->ap; + prev = NULL; + while (tmp) { + if (tmp == ap) { + if (prev) + prev->next = ap->next; + else + er->ap = ap->next; + } + prev = tmp; + tmp = tmp->next; + } +} + + static void wps_er_ap_timeout(void *eloop_data, void *user_ctx) { struct wps_er *er = eloop_data; struct wps_er_ap *ap = user_ctx; wpa_printf(MSG_DEBUG, "WPS ER: AP advertisement timed out"); + wps_er_ap_unlink(er, ap); wps_er_ap_free(er, ap); }