Clear EAPOL supplicant configuration info on current_ssid changes

There were some code paths that allowed obsolete configuration data
pointer to be maintained within EAPOL supplicant in case a network was
removed while not connection to it (i.e., wpa_s->current_ssid not
pointing to the network that was removed). This could result in use of
freed memory, e.g., from eap_sm_notify_ctrl_attached() when a new
control interface connected prior to the EAPOL supplicant configuration
pointer got updated.

Signed-hostap: Jouni Malinen <j@w1.fi>

wpa_supplicant/ap.c

@@ -14,6 +14,7 @@
 #include "utils/uuid.h"
 #include "common/ieee802_11_defs.h"
 #include "common/wpa_ctrl.h"
+#include "eapol_supp/eapol_supp_sm.h"
 #include "ap/hostapd.h"
 #include "ap/ap_config.h"
 #include "ap/ap_drv_ops.h"
@@ -582,6 +583,7 @@ int wpa_supplicant_create_ap(struct wpa_supplicant *wpa_s,
 	hapd_iface->bss[0]->drv_priv = wpa_s->drv_priv;
 
 	wpa_s->current_ssid = ssid;
+	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
 	os_memcpy(wpa_s->bssid, wpa_s->own_addr, ETH_ALEN);
 	wpa_s->assoc_freq = ssid->frequency;
 
@@ -605,6 +607,7 @@ void wpa_supplicant_ap_deinit(struct wpa_supplicant *wpa_s)
 		return;
 
 	wpa_s->current_ssid = NULL;
+	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
 	wpa_s->assoc_freq = 0;
 #ifdef CONFIG_P2P
 	if (wpa_s->ap_iface->bss)

wpa_supplicant/events.c

@@ -187,6 +187,7 @@ void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s)
 		eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
 	wpa_s->ap_ies_from_associnfo = 0;
 	wpa_s->current_ssid = NULL;
+	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
 	wpa_s->key_mgmt = 0;
 }
 

wpa_supplicant/wpa_supplicant.c

@@ -1912,8 +1912,10 @@ void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
 		return;
 	}
 
-	if (ssid)
+	if (ssid) {
 		wpa_s->current_ssid = ssid;
+		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
+	}
 	wpa_s->connect_without_scan = NULL;
 	wpa_s->disconnected = 0;
 	wpa_s->reassociate = 1;