Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

WPS ER: Fix Enrollee entry freeing on timeout

Must unlink the entry first before trying to remove it to avoid
leaving behind pointers to freed memory.
Jouni Malinen 15 years ago
parent
a3c6598fcd
commit
7c009db2a6
1 changed files with 15 additions and 1 deletions
Split View Show Diff Stats
  1. 15 1
      src/wps/wps_er.c

+ 15 - 1
src/wps/wps_er.c
View File 

@@ -676,8 +676,22 @@ static void wps_er_http_resp_ok(struct http_request *req)
 
 
 static void wps_er_sta_timeout(void *eloop_data, void *user_ctx)
 
 {
 
-	struct wps_er_sta *sta = eloop_data;
 
+	struct wps_er_sta *prev, *tmp, *sta = eloop_data;
 
 	wpa_printf(MSG_DEBUG, "WPS ER: STA entry timed out");
 
+	tmp = sta->ap->sta;
 
+	prev = NULL;
 
+	while (tmp) {
 
+		if (tmp == sta)
 
+			break;
 
+		prev = tmp;
 
+		tmp = tmp->next;
 
+	}
 
+	if (tmp) {
 
+		if (prev)
 
+			prev->next = sta->next;
 
+		else
 
+			sta->ap->sta = sta->next;
 
+	}
 
 	wps_er_sta_free(sta);
 
 }