projects
/
mech_eap.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
e19467e
)
BSS: Fix use-after-realloc
author
Eliad Peller
<eliad@wizery.com>
Mon, 5 Mar 2012 15:09:55 +0000
(17:09 +0200)
committer
Jouni Malinen
<j@w1.fi>
Mon, 5 Mar 2012 15:09:55 +0000
(17:09 +0200)
After reallocation of the bss struct, current_bss wasn't updated and
could hold an invalid pointer (which might get dereferenced later).
Update current_bss if the pointer was changed.
Signed-hostap: Eliad Peller <eliad@wizery.com>
intended-for: hostap-1
wpa_supplicant/bss.c
patch
|
blob
|
history
diff --git
a/wpa_supplicant/bss.c
b/wpa_supplicant/bss.c
index
2a5bb85
..
b79510e
100644
(file)
--- a/
wpa_supplicant/bss.c
+++ b/
wpa_supplicant/bss.c
@@
-328,6
+328,8
@@
static void wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
nbss = os_realloc(bss, sizeof(*bss) + res->ie_len +
res->beacon_ie_len);
if (nbss) {
+ if (wpa_s->current_bss == bss)
+ wpa_s->current_bss = nbss;
bss = nbss;
os_memcpy(bss + 1, res + 1,
res->ie_len + res->beacon_ie_len);
projects / mech_eap.git / commitdiff