Clear EAPOL supplicant configuration info on current_ssid changes

There were some code paths that allowed obsolete configuration data
pointer to be maintained within EAPOL supplicant in case a network was
removed while not connection to it (i.e., wpa_s->current_ssid not
pointing to the network that was removed). This could result in use of
freed memory, e.g., from eap_sm_notify_ctrl_attached() when a new
control interface connected prior to the EAPOL supplicant configuration
pointer got updated.

Signed-hostap: Jouni Malinen <j@w1.fi>

diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index 4de20dd03578203b4cfdf0a275b08ed88d6ea3bf..2950d2d1a18e0cbf934fb16d6954ec167e40672e 100644 (file)
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -14,6 +14,7 @@
 #include "utils/uuid.h"
 #include "common/ieee802_11_defs.h"
 #include "common/wpa_ctrl.h"
+#include "eapol_supp/eapol_supp_sm.h"
 #include "ap/hostapd.h"
 #include "ap/ap_config.h"
 #include "ap/ap_drv_ops.h"
@@ -582,6 +583,7 @@ int wpa_supplicant_create_ap(struct wpa_supplicant *wpa_s,
        hapd_iface->bss[0]->drv_priv = wpa_s->drv_priv;
 
        wpa_s->current_ssid = ssid;
+       eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
        os_memcpy(wpa_s->bssid, wpa_s->own_addr, ETH_ALEN);
        wpa_s->assoc_freq = ssid->frequency;
 
@@ -605,6 +607,7 @@ void wpa_supplicant_ap_deinit(struct wpa_supplicant *wpa_s)
                return;
 
        wpa_s->current_ssid = NULL;
+       eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
        wpa_s->assoc_freq = 0;
 #ifdef CONFIG_P2P
        if (wpa_s->ap_iface->bss)

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 3ecb0ceb9de1fc26a50b8f55b60239510f1a0f6d..40c6adf9713ec7c75980160741c7f31a77ec6272 100644 (file)
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -187,6 +187,7 @@ void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s)
                eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
        wpa_s->ap_ies_from_associnfo = 0;
        wpa_s->current_ssid = NULL;
+       eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
        wpa_s->key_mgmt = 0;
 }
 

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index a18922a28a8f3e622c69795674f95fa8bd7cbe66..7bfbc0e8b918c5620c2858a3f8019198c72dc297 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1912,8 +1912,10 @@ void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
                return;
        }
 
-       if (ssid)
+       if (ssid) {
                wpa_s->current_ssid = ssid;
+               eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
+       }
        wpa_s->connect_without_scan = NULL;
        wpa_s->disconnected = 0;
        wpa_s->reassociate = 1;