scan: Fix a memory leak on an error path

If preassoc_mac_addr is used and updating the MAC address fails in
wpas_trigger_scan_cb(), the cloned scan parameters were leaked. Fix that
and also send a CTRL-EVENT-SCAN-FAILED event in this and another error
case.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c
index 9a3c4c9..330679c 100644 (file)
--- a/wpa_supplicant/scan.c
+++ b/wpa_supplicant/scan.c
@@ -162,6 +162,8 @@ static void wpas_trigger_scan_cb(struct wpa_radio_work *work, int deinit)
        if (wpas_update_random_addr_disassoc(wpa_s) < 0) {
                wpa_msg(wpa_s, MSG_INFO,
                        "Failed to assign random MAC address for a scan");
+               wpa_scan_free_params(params);
+               wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=-1");
                radio_work_done(work);
                return;
        }
@@ -231,6 +233,7 @@ int wpa_supplicant_trigger_scan(struct wpa_supplicant *wpa_s,
        if (radio_add_work(wpa_s, 0, "scan", 0, wpas_trigger_scan_cb, ctx) < 0)
        {
                wpa_scan_free_params(ctx);
+               wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=-1");
                return -1;
        }