From: Jouni Malinen <jouni@codeaurora.org>
Date: Mon, 22 Jun 2020 17:00:31 +0000 (+0300)
Subject: DPP: Clear bootstrap entries only after clearing authentication state
X-Git-Tag: hostap_2_10~1105
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4f4a52c3cc0f617281297930f9278e783b9e96da;p=thirdparty%2Fhostap.git

DPP: Clear bootstrap entries only after clearing authentication state

This fixes an issue where the pending authentication might have held a
reference to auth->tmp_peer_bi and dpp_auth_deinit() would try to free
that bootstrapping entry. This needs to happen before the call to
dpp_global_clear() to avoid double-removal of the bootstrapping entry
from the list.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---

diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index 2d56b2f9d..0cda38542 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -3260,7 +3260,6 @@ void wpas_dpp_deinit(struct wpa_supplicant *wpa_s)
 #endif /* CONFIG_TESTING_OPTIONS */
 	if (!wpa_s->dpp)
 		return;
-	dpp_global_clear(wpa_s->dpp);
 	eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
 	eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
 	eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
@@ -3284,6 +3283,7 @@ void wpas_dpp_deinit(struct wpa_supplicant *wpa_s)
 	os_memset(wpa_s->dpp_intro_bssid, 0, ETH_ALEN);
 	os_free(wpa_s->dpp_configurator_params);
 	wpa_s->dpp_configurator_params = NULL;
+	dpp_global_clear(wpa_s->dpp);
 }