Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

atheros: Fix hapd_deinit() handler with generic IEs set

atheros_set_opt_ie() needs to be called before freeing drv->wpa_ie to
avoid hitting double-free on the deinit path. Similarly,
drv->wps_beacon_ie and drv->wps_probe_resp_ie could have been used after
being freed. Fix these be moving the atheros_set_opt_ie() call in
atheros_deinit().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Ashok Kumar Ponnaiah 9 years ago
parent
712525b01e
commit
d6afe03660
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      src/drivers/driver_atheros.c

+ 1 - 1
src/drivers/driver_atheros.c
View File 

@@ -1704,10 +1704,10 @@ atheros_deinit(void *priv)
 
 	atheros_reset_appfilter(drv);
 
 
 	if (drv->wpa_ie || drv->wps_beacon_ie || drv->wps_probe_resp_ie) {
 
+		atheros_set_opt_ie(priv, NULL, 0);
 
 		wpabuf_free(drv->wpa_ie);
 
 		wpabuf_free(drv->wps_beacon_ie);
 
 		wpabuf_free(drv->wps_probe_resp_ie);
 
-		atheros_set_opt_ie(priv, NULL, 0);
 
 	}
 
 	netlink_deinit(drv->netlink);
 
 	(void) linux_set_iface_flags(drv->ioctl_sock, drv->iface, 0);