wpa_gui: Avoid using freed item in enter_pin()

The Enrollee entry may be deleted while the PIN query dialog is open.
To avoid crashing on using freed entry, copy the needed data into
local variables before and use the local data after the PIN dialog
has been closed.

diff --git a/wpa_supplicant/wpa_gui-qt4/peers.cpp b/wpa_supplicant/wpa_gui-qt4/peers.cpp
index 5d2598fc913e53e0494108f80406eaac6bf5d2f8..5dce40b1981a1e09c3126bbc26a360a73e2bf3aa 100644 (file)
--- a/wpa_supplicant/wpa_gui-qt4/peers.cpp
+++ b/wpa_supplicant/wpa_gui-qt4/peers.cpp
@@ -147,6 +147,14 @@ void Peers::enter_pin()
        if (ctx_item == NULL)
                return;
 
+       int peer_type = ctx_item->data(peer_role_type).toInt();
+       QString uuid;
+       QString addr;
+       if (peer_type == PEER_TYPE_WPS_ER_ENROLLEE)
+               uuid = ctx_item->data(peer_role_uuid).toString();
+       else
+               addr = ctx_item->data(peer_role_address).toString();
+
        StringQuery input(tr("PIN:"));
        input.setWindowTitle(tr("PIN for ") + ctx_item->text());
        if (input.exec() != QDialog::Accepted)
@@ -156,14 +164,11 @@ void Peers::enter_pin()
        char reply[100];
        size_t reply_len;
 
-       if (ctx_item->data(peer_role_type).toInt() ==
-           PEER_TYPE_WPS_ER_ENROLLEE) {
-               QString uuid = ctx_item->data(peer_role_uuid).toString();
+       if (peer_type == PEER_TYPE_WPS_ER_ENROLLEE) {
                snprintf(cmd, sizeof(cmd), "WPS_ER_PIN %s %s",
                         uuid.toAscii().constData(),
                         input.get_string().toAscii().constData());
        } else {
-               QString addr = ctx_item->data(peer_role_address).toString();
                snprintf(cmd, sizeof(cmd), "WPS_PIN %s %s",
                         addr.toAscii().constData(),
                         input.get_string().toAscii().constData());