
WPS: Fixed deinit code for freeing config and registrar data

We need to be a bit more careful when removing the WPS configuration
block since wpa_s->current_ssid may still be pointing at it. In
addition, registrar pointer in wps_context will need to be cleared
since the context data is now maintained over multiple EAP-WSC runs.
Without this, certain WPS operations could have used freed memory.
Jouni Malinen 16 years ago
parent
commit
f0477201bd
2 changed files with 5 additions and 2 deletions
  1. 1 0
      src/eap_peer/eap_wsc.c
  2. 4 2
      wpa_supplicant/wps_supplicant.c

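--- a/src/eap_peer/eap_wsc.c
+++ b/src/eap_peer/eap_wsc.c
@@ -224,6 +224,7 @@ static void eap_wsc_deinit(struct eap_sm *sm, void *priv)
 	wpabuf_free(data->out_buf);
 	wps_deinit(data->wps);
 	wps_registrar_deinit(data->wps_ctx->registrar);
+	data->wps_ctx->registrar = NULL;
 	os_free(data->wps_ctx->network_key);
 	data->wps_ctx->network_key = NULL;
 	os_free(data);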
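Review bot: The added `data->wps_ctx->registrar = NULL;` has no comment saying why the pointer must be cleared, so a later cleanup could drop it as redundant and reintroduce the use of freed memory that the commit message describes. The reason is that `wps_ctx` outlives `data`, and that is not visible at this point in eap_wsc_deinit. I would add `/* wps_ctx is kept across EAP-WSC runs; do not leave a freed registrar behind */` above the new line, placed so that it also covers the `network_key` reset two lines below, which follows the same free-then-clear pattern. The function starts outside the hunk, so whether other members of `wps_ctx` are freed here without being cleared cannot be checked from this view.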

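--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
@@ -200,9 +200,11 @@ static void wpas_clear_wps(struct wpa_supplicant *wpa_s)
 	/* Remove any existing WPS network from configuration */
 	ssid = wpa_s->conf->ssid;
 	while (ssid) {
-		if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
+		if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
+			if (ssid == wpa_s->current_ssid)
+				wpa_s->current_ssid = NULL;
 			id = ssid->id;
-		else
+		} else
 			id = -1;
 		ssid = ssid->next;
 		if (id >= 0)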
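Review bot: The new check in wpas_clear_wps clears only `wpa_s->current_ssid` before the WPS network block is removed, so any other holder of that pointer would still reference freed memory. Whether other holders exist (for example configuration handed to the EAPOL/EAP state machines) is not visible here, because the removal under `if (id >= 0)` and the rest of the function lie outside the hunk. It is worth confirming that the removal path resets them too. A comment such as `/* block is freed below; drop the reference so later WPS operations cannot reach it */` above the inner `if` would record the intent. As a style point, the `} else` branch should be braced to match the now-braced `if` branch.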