TDLS: Replace os_memset() of all peer data with safer approach
authorJouni Malinen <jouni.malinen@atheros.com>
Thu, 27 Jan 2011 12:06:17 +0000 (14:06 +0200)
committerJouni Malinen <j@w1.fi>
Sun, 6 Mar 2011 12:54:27 +0000 (14:54 +0200)
Blindly clearing all struct wpa_tdls_peer members is a risky
operation since it could easily clear pointers to allocated
memory and other information that really should not be removed.
Instead of hoping that new code gets added here to restore
the important variables, reverse the approach and only clear
structure members one by one when needed.

src/rsn_supp/tdls.c

index f84139df8575e087fe61ae051cb93873979f2ba2..f2baa04f9912e427601807d9ca7cfec0136a44c1 100644 (file)
@@ -248,26 +248,6 @@ static int wpa_tdls_tpk_send(struct wpa_sm *sm, const u8 *dest, u8 action_code,
 }
 
 
-static void tdls_clear_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
-{
-       u8 mac[ETH_ALEN];
-       struct wpa_tdls_peer *tmp;
-
-       os_memcpy(mac, peer->addr, ETH_ALEN);
-       tmp = peer->next;
-       peer->initiator = 0;
-       eloop_cancel_timeout(wpa_tdls_tpk_retry_timeout, sm, peer);
-       os_free(peer->sm_tmr.buf);
-
-       /* reset all */
-       os_memset(peer, 0, sizeof(*peer));
-
-       /* restore things */
-       os_memcpy(peer->addr, mac, ETH_ALEN);
-       peer->next = tmp;
-}
-
-
 static void wpa_tdls_tpk_retry_timeout(void *eloop_ctx, void *timeout_ctx)
 {
 
@@ -598,11 +578,19 @@ static void wpa_tdls_tpk_timeout(void *eloop_ctx, void *timeout_ctx)
 
 static void wpa_tdls_peer_free(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
 {
+       wpa_printf(MSG_DEBUG, "TDLS: Clear state for peer " MACSTR,
+                  MAC2STR(peer->addr));
        eloop_cancel_timeout(wpa_tdls_tpk_timeout, sm, peer);
-
-       /* need to clear Peerkey SM */
-       tdls_clear_peer(sm, peer);
-       //os_free(peer);
+       eloop_cancel_timeout(wpa_tdls_tpk_retry_timeout, sm, peer);
+       peer->initiator = 0;
+       os_free(peer->sm_tmr.buf);
+       peer->sm_tmr.buf = NULL;
+       peer->rsnie_i_len = peer->rsnie_p_len = 0;
+       peer->cipher = 0;
+       peer->tpk_set = peer->tpk_success = 0;
+       os_memset(&peer->tpk, 0, sizeof(peer->tpk));
+       os_memset(peer->inonce, 0, WPA_NONCE_LEN);
+       os_memset(peer->rnonce, 0, WPA_NONCE_LEN);
 }
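Review bot: wpa_tdls_peer_free() now resets state field by field but keeps the peer allocated and linked, which its name does not convey and the removed `//os_free(peer);` line suggests has misled readers before; a header comment such as `/* Reset per-session state (TPK, nonces, IE lengths, timers) but keep the entry in the peer list: peer->addr and peer->next are untouched. Any new wpa_tdls_peer member holding per-session state must be cleared here explicitly. */` would make that contract explicit. The explicit list also changes the failure mode from over-clearing to silently retaining stale state: only `sm_tmr.buf` is freed and nulled, so if sm_tmr in struct wpa_tdls_peer carries a buffer length or retry counter beside the pointer it presumably should be reset alongside it — worth confirming against the struct definition, which is outside this hunk. Clearing `peer->tpk` with os_memset is sound here because the peer remains reachable from the list, so the store cannot be treated as dead; that reasoning would no longer hold if a later change frees the peer right after this call.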