Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Fix last_scan_res update existing BSS entry is update

The BSS pointer may change if the entry needs to be reallocated
and the new pointer has to be added to the last_scan_res array
to avoid using pointers to freed memory.

Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen 12 years ago
parent
e88f0901eb
commit
762b99db7a
1 changed files with 13 additions and 3 deletions
Split View Show Diff Stats
  1. 13 3
      wpa_supplicant/bss.c

+ 13 - 3
wpa_supplicant/bss.c
View File 

@@ -391,8 +391,9 @@ static void notify_bss_changes(struct wpa_supplicant *wpa_s, u32 changes,
 
 }
 
 
 
-static void wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
 
-			   struct wpa_scan_res *res)
 
+static struct wpa_bss *
 
+wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
 
+	       struct wpa_scan_res *res)
 
 {
 
 	u32 changes;
 
 
@@ -414,6 +415,13 @@ static void wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
 
 		nbss = os_realloc(bss, sizeof(*bss) + res->ie_len +
 
 				  res->beacon_ie_len);
 
 		if (nbss) {
 
+			unsigned int i;
 
+			for (i = 0; i < wpa_s->last_scan_res_used; i++) {
 
+				if (wpa_s->last_scan_res[i] == bss) {
 
+					wpa_s->last_scan_res[i] = nbss;
 
+					break;
 
+				}
 
+			}
 
 			if (wpa_s->current_bss == bss)
 
 				wpa_s->current_bss = nbss;
 
 			bss = nbss;
 
@@ -429,6 +437,8 @@ static void wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
 
 	dl_list_add_tail(&wpa_s->bss, &bss->list);
 
 
 	notify_bss_changes(wpa_s, changes, bss);
 
+
 
+	return bss;
 
 }
 
 
 
@@ -482,7 +492,7 @@ void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s,
 
 	if (bss == NULL)
 
 		bss = wpa_bss_add(wpa_s, ssid + 2, ssid[1], res);
 
 	else
 
-		wpa_bss_update(wpa_s, bss, res);
 
+		bss = wpa_bss_update(wpa_s, bss, res);
 
 
 	if (bss == NULL)
 
 		return;