]> git.ipfire.org Git - thirdparty/hostap.git/commitdiff
projects / thirdparty / hostap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 870d13f)
Fix current_bss use in checking whether SSID has been verified
authorJouni Malinen <quic_jouni@quicinc.com>
Wed, 26 Feb 2025 10:02:37 +0000 (12:02 +0200)
committerJouni Malinen <j@w1.fi>
Wed, 26 Feb 2025 10:02:37 +0000 (12:02 +0200)
The call to wpa_supplicant_update_scan_resuls() might change
wpa_s->current_bss, so need to fetch the ssid/ssid_len again after that
all to avoid potential use of freed memory.

Fixes: 5452a4a30204 ("SSID verification based on beacon protection")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
wpa_supplicant/wpa_supplicant.c patch | blob | blame | history

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 933c971ce0ac17197031466772fda62c24d9555d..128530eb52445e1a5925ff033c70c3a8afe46192 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1057,6 +1057,13 @@ static void wpas_verify_ssid_beacon(void *eloop_ctx, void *timeout_ctx)
        if (wpa_supplicant_update_scan_results(wpa_s, wpa_s->bssid) < 0)
                return;
 
+       /* wpa->current_bss might have changed due to memory reallocation, so
+        * need to update ssid/ssid_len */
+       if (!wpa_s->current_bss)
+               return;
+       ssid = wpa_s->current_bss->ssid;
+       ssid_len = wpa_s->current_bss->ssid_len;
+
        bss = wpa_bss_get_bssid_latest(wpa_s, wpa_s->bssid);
        if (!bss)
                return;
Unnamed repository; edit this file 'description' to name the repository.