From: Jouni Malinen <j@w1.fi>
Date: Fri, 20 Nov 2009 19:56:39 +0000 (+0200)
Subject: WPS ER: Fix Enrollee entry freeing on timeout
X-Git-Tag: hostap_0_7_0~24
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=libeap.git;a=commitdiff_plain;h=7c009db2a652acefea5831bbecfbb88fc5087208

WPS ER: Fix Enrollee entry freeing on timeout

Must unlink the entry first before trying to remove it to avoid
leaving behind pointers to freed memory.
---

diff --git a/src/wps/wps_er.c b/src/wps/wps_er.c
index 2887f04..4a6e6f7 100644
--- a/src/wps/wps_er.c
+++ b/src/wps/wps_er.c
@@ -676,8 +676,22 @@ static void wps_er_http_resp_ok(struct http_request *req)
 
 static void wps_er_sta_timeout(void *eloop_data, void *user_ctx)
 {
-	struct wps_er_sta *sta = eloop_data;
+	struct wps_er_sta *prev, *tmp, *sta = eloop_data;
 	wpa_printf(MSG_DEBUG, "WPS ER: STA entry timed out");
+	tmp = sta->ap->sta;
+	prev = NULL;
+	while (tmp) {
+		if (tmp == sta)
+			break;
+		prev = tmp;
+		tmp = tmp->next;
+	}
+	if (tmp) {
+		if (prev)
+			prev->next = sta->next;
+		else
+			sta->ap->sta = sta->next;
+	}
 	wps_er_sta_free(sta);
 }