After reallocation of the bss struct, current_bss wasn't updated and
could hold an invalid pointer (which might get dereferenced later).
Update current_bss if the pointer was changed.
Signed-hostap: Eliad Peller <eliad@wizery.com>
intended-for: hostap-1
nbss = os_realloc(bss, sizeof(*bss) + res->ie_len +
res->beacon_ie_len);
if (nbss) {
+ if (wpa_s->current_bss == bss)
+ wpa_s->current_bss = nbss;
bss = nbss;
os_memcpy(bss + 1, res + 1,
res->ie_len + res->beacon_ie_len);