From: Ashok Kumar Ponnaiah <aponnaia@qti.qualcomm.com>
Date: Wed, 14 Oct 2015 13:01:30 +0000 (+0300)
Subject: atheros: Fix hapd_deinit() handler with generic IEs set
X-Git-Tag: hostap_2_6~1517
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d6afe03660ffdc6b6bee9a293a051769720060c6;p=thirdparty%2Fhostap.git

atheros: Fix hapd_deinit() handler with generic IEs set

atheros_set_opt_ie() needs to be called before freeing drv->wpa_ie to
avoid hitting double-free on the deinit path. Similarly,
drv->wps_beacon_ie and drv->wps_probe_resp_ie could have been used after
being freed. Fix these be moving the atheros_set_opt_ie() call in
atheros_deinit().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---

diff --git a/src/drivers/driver_atheros.c b/src/drivers/driver_atheros.c
index dbc150376..b786ad2a2 100644
--- a/src/drivers/driver_atheros.c
+++ b/src/drivers/driver_atheros.c
@@ -1704,10 +1704,10 @@ atheros_deinit(void *priv)
 	atheros_reset_appfilter(drv);
 
 	if (drv->wpa_ie || drv->wps_beacon_ie || drv->wps_probe_resp_ie) {
+		atheros_set_opt_ie(priv, NULL, 0);
 		wpabuf_free(drv->wpa_ie);
 		wpabuf_free(drv->wps_beacon_ie);
 		wpabuf_free(drv->wps_probe_resp_ie);
-		atheros_set_opt_ie(priv, NULL, 0);
 	}
 	netlink_deinit(drv->netlink);
 	(void) linux_set_iface_flags(drv->ioctl_sock, drv->iface, 0);