D-Bus (old): Fix removeNetwork method to not use freed memory
author Jouni Malinen <j@w1.fi>
Wed, 31 Dec 2014 14:54:48 +0000 (16:54 +0200)
committer Jouni Malinen <j@w1.fi>
Fri, 2 Jan 2015 20:50:26 +0000 (22:50 +0200)
wpa_supplicant_deauthenticate() call needs to happen before
wpa_config_remove_network(). Freed memory could be dereferenced if
removeNetwork method was issued on the currently connected network.

Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_supplicant/dbus/dbus_old_handlers.c

index 0f1f5cf..b9c631d 100644 (file)
@@ -866,6 +866,10 @@ DBusMessage * wpas_dbus_iface_remove_network(DBusMessage *message,
 
        wpas_notify_network_removed(wpa_s, ssid);
 
+       if (ssid == wpa_s->current_ssid)
+               wpa_supplicant_deauthenticate(wpa_s,
+                                             WLAN_REASON_DEAUTH_LEAVING);
+
        if (wpa_config_remove_network(wpa_s->conf, id) < 0) {
                reply = dbus_message_new_error(message,
                                               WPAS_ERROR_REMOVE_NETWORK_ERROR,
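
Review bot: on the failure branch of the wpa_config_remove_network(wpa_s->conf, id) < 0 check, the interface has by now already been deauthenticated (and wpas_notify_network_removed() already called), while the caller receives WPAS_ERROR_REMOVE_NETWORK_ERROR and the network stays in the configuration. If that trade-off is intended, a short comment above the new if (ssid == wpa_s->current_ssid) saying that the deauthentication has to come before wpa_config_remove_network() because ssid must not be used after that call would keep the two from being swapped back in a later cleanup.
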
@@ -874,9 +878,6 @@ DBusMessage * wpas_dbus_iface_remove_network(DBusMessage *message,
                goto out;
        }
 
-       if (ssid == wpa_s->current_ssid)
-               wpa_supplicant_deauthenticate(wpa_s,
-                                             WLAN_REASON_DEAUTH_LEAVING);
        reply = wpas_dbus_new_success_reply(message);
 
 out:
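
Review bot: between the closing brace of the error branch and reply = wpas_dbus_new_success_reply(message), the local ssid is still in scope but no longer refers to valid memory once wpa_config_remove_network() has succeeded. Setting ssid = NULL at that point would turn any use added there later into an immediate NULL dereference rather than a read of freed memory, which is the ordering mistake the commit message describes.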