Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

WPS: Deinit before wpas_p2p_disconnect()

When there is a pending WPS negotiation for P2P and signal interrupt is
triggered, invalid read occurs in wpas_wps_terminate_pending() if
wpas_p2p_disconnect() removed the interface. Inverting deinit order
solves the issue.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
Eduardo Abinader 11 years ago
parent
c70c37500b
commit
5516ed32c5
1 changed files with 2 additions and 2 deletions
Split View Show Diff Stats
  1. 2 2
      wpa_supplicant/wpa_supplicant.c

+ 2 - 2
wpa_supplicant/wpa_supplicant.c
View File 

@@ -751,13 +751,13 @@ void wpa_supplicant_terminate_proc(struct wpa_global *global)
 
 	struct wpa_supplicant *wpa_s = global->ifaces;
 
 	while (wpa_s) {
 
 		struct wpa_supplicant *next = wpa_s->next;
 
+		if (wpas_wps_terminate_pending(wpa_s) == 1)
 
+			pending = 1;
 
 #ifdef CONFIG_P2P
 
 		if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
 
 		    (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
 
 			wpas_p2p_disconnect(wpa_s);
 
 #endif /* CONFIG_P2P */
 
-		if (wpas_wps_terminate_pending(wpa_s) == 1)
 
-			pending = 1;
 
 		wpa_s = next;
 
 	}
 
 #endif /* CONFIG_WPS */