Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

WNM: Fix deinit path to clean neighbor report count

wnm_deallocate_memory() left wnm_num_neighbor_report set while freeing
the allocated buffer of neighbor reports. If this function was called
twice in a row without having went through new neighbor report parsing,
invalid pointers could have been freed resulted in segfault.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 11 years ago
parent
f44c45ac7f
commit
ec331d09a2
1 changed files with 1 additions and 0 deletions
Split View Show Diff Stats
  1. 1 0
      wpa_supplicant/wnm_sta.c

+ 1 - 0
wpa_supplicant/wnm_sta.c
View File 

@@ -319,6 +319,7 @@ void wnm_deallocate_memory(struct wpa_supplicant *wpa_s)
 
 		os_free(wpa_s->wnm_neighbor_report_elements[i].mul_bssid);
 
 	}
 
 
+	wpa_s->wnm_num_neighbor_report = 0;
 
 	os_free(wpa_s->wnm_neighbor_report_elements);
 
 	wpa_s->wnm_neighbor_report_elements = NULL;
 
 }