WPS: Deinit before wpas_p2p_disconnect()

When there is a pending WPS negotiation for P2P and signal interrupt is
triggered, invalid read occurs in wpas_wps_terminate_pending() if
wpas_p2p_disconnect() removed the interface. Inverting deinit order
solves the issue.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index e38e3e070ab42f913659d88410cc465b335cd842..2b253ac174c2ae68726ef5055cc7e6a4973363a7 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -751,13 +751,13 @@ void wpa_supplicant_terminate_proc(struct wpa_global *global)
        struct wpa_supplicant *wpa_s = global->ifaces;
        while (wpa_s) {
                struct wpa_supplicant *next = wpa_s->next;
+               if (wpas_wps_terminate_pending(wpa_s) == 1)
+                       pending = 1;
 #ifdef CONFIG_P2P
                if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
                    (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
                        wpas_p2p_disconnect(wpa_s);
 #endif /* CONFIG_P2P */
-               if (wpas_wps_terminate_pending(wpa_s) == 1)
-                       pending = 1;
                wpa_s = next;
        }
 #endif /* CONFIG_WPS */