Fix last_scan_res update existing BSS entry is update
authorJouni Malinen <j@w1.fi>
Mon, 10 Sep 2012 10:33:29 +0000 (12:33 +0200)
committerJouni Malinen <j@w1.fi>
Mon, 10 Sep 2012 10:36:55 +0000 (12:36 +0200)
The BSS pointer may change if the entry needs to be reallocated
and the new pointer has to be added to the last_scan_res array
to avoid using pointers to freed memory.

Signed-hostap: Jouni Malinen <j@w1.fi>

wpa_supplicant/bss.c

index af2033f..6223beb 100644 (file)
@@ -391,8 +391,9 @@ static void notify_bss_changes(struct wpa_supplicant *wpa_s, u32 changes,
 }
 
 
-static void wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
-                          struct wpa_scan_res *res)
+static struct wpa_bss *
+wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
+              struct wpa_scan_res *res)
 {
        u32 changes;
 
@@ -414,6 +415,13 @@ static void wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
                nbss = os_realloc(bss, sizeof(*bss) + res->ie_len +
                                  res->beacon_ie_len);
                if (nbss) {
+                       unsigned int i;
+                       for (i = 0; i < wpa_s->last_scan_res_used; i++) {
+                               if (wpa_s->last_scan_res[i] == bss) {
+                                       wpa_s->last_scan_res[i] = nbss;
+                                       break;
+                               }
+                       }
                        if (wpa_s->current_bss == bss)
                                wpa_s->current_bss = nbss;
                        bss = nbss;
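Review bot: The new loop inside the `if (nbss)` block compares `wpa_s->last_scan_res[i]` against `bss` after `os_realloc` has already released the old block, so the match is made on the stale address value rather than a live object; that is the only way to do this patch-up after the fact, but it deserves a comment, e.g. `/* bss was freed by os_realloc above; only its old address is compared here */`. The `break` also assumes a given BSS appears at most once in last_scan_res, which is worth stating in the same comment since a second entry would be left dangling. The existing `current_bss == bss` comparison on the following lines has the same shape, so one comment covering both keeps the reader from flagging either as a use-after-free. wpa_bss_update's body starts and ends outside this hunk, so the realloc-failure path (nbss == NULL) is not visible here.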
@@ -429,6 +437,8 @@ static void wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
        dl_list_add_tail(&wpa_s->bss, &bss->list);
 
        notify_bss_changes(wpa_s, changes, bss);
+
+       return bss;
 }
 
 
@@ -482,7 +492,7 @@ void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s,
        if (bss == NULL)
                bss = wpa_bss_add(wpa_s, ssid + 2, ssid[1], res);
        else
-               wpa_bss_update(wpa_s, bss, res);
+               bss = wpa_bss_update(wpa_s, bss, res);
 
        if (bss == NULL)
                return;