From 6dc3206ef056a6682cbc9bfd6b2ccf97b9695294 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 22 May 2016 18:09:23 +0300
Subject: [PATCH] scan: Fix a memory leak on an error path

If preassoc_mac_addr is used and updating the MAC address fails in
wpas_trigger_scan_cb(), the cloned scan parameters were leaked. Fix that
and also send a CTRL-EVENT-SCAN-FAILED event in this and another error
case.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 wpa_supplicant/scan.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c
index 9a3c4c9..330679c 100644
--- a/wpa_supplicant/scan.c
+++ b/wpa_supplicant/scan.c
@@ -162,6 +162,8 @@ static void wpas_trigger_scan_cb(struct wpa_radio_work *work, int deinit)
 	if (wpas_update_random_addr_disassoc(wpa_s) < 0) {
 		wpa_msg(wpa_s, MSG_INFO,
 			"Failed to assign random MAC address for a scan");
+		wpa_scan_free_params(params);
+		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=-1");
 		radio_work_done(work);
 		return;
 	}
@@ -231,6 +233,7 @@ int wpa_supplicant_trigger_scan(struct wpa_supplicant *wpa_s,
 	if (radio_add_work(wpa_s, 0, "scan", 0, wpas_trigger_scan_cb, ctx) < 0)
 	{
 		wpa_scan_free_params(ctx);
+		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=-1");
 		return -1;
 	}
 
-- 
2.1.4