Kernel
/
iwd
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git
3
0
Fork 0
Code Releases Activity

ap/adhoc: Don't crash on eapol_sm_free 

If the sm object (or the handshake object) is NULL, don't call the
corresponding function.

0  0x7fb6cd37da80 in /lib64/libc.so.6
1  0x414764 in eapol_sm_destroy() at eapol.c:673
2  0x42e402 in ap_sta_free() at ap.c:97
3  0x439dbe in l_queue_clear() at /home/parallels/wrk/iwd/ell/queue.c:109
4  0x439e09 in l_queue_destroy() at /home/parallels/wrk/iwd/ell/queue.c:83
5  0x42e4bf in ap_reset() at ap.c:132
6  0x42e519 in ap_free() at ap.c:147
7  0x447456 in interface_instance_free() at /home/parallels/wrk/iwd/ell/dbus-service.c:513
8  0x449be0 in _dbus_object_tree_remove_interface() at /home/parallels/wrk/iwd/ell/dbus-service.c:1595
9  0x449ced in _dbus_object_tree_object_destroy() at /home/parallels/wrk/iwd/ell/dbus-service.c:787
10 0x40fb8c in device_free() at device.c:2717
11 0x405cdb in netdev_free() at netdev.c:605
12 0x439dbe in l_queue_clear() at /home/parallels/wrk/iwd/ell/queue.c:109
13 0x439e09 in l_queue_destroy() at /home/parallels/wrk/iwd/ell/queue.c:83
14 0x40aac2 in netdev_shutdown() at netdev.c:4483
15 0x403b75 in iwd_shutdown() at main.c:80
16 0x43d9f3 in signal_callback() at /home/parallels/wrk/iwd/ell/signal.c:83
17 0x43d4ee in l_main_iterate() at /home/parallels/wrk/iwd/ell/main.c:376
18 0x43d5ac in l_main_run() at /home/parallels/wrk/iwd/ell/main.c:419
19 0x40379b in main() at main.c:454
20 0x7fb6cd36788a in /lib64/libc.so.6
This commit is contained in:
Denis Kenzior 2018-07-30 09:05:52 -05:00
parent de013cf92b
commit 6be0f55d85
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/adhoc.c
View File

@ -74,12 +74,14 @@ static void adhoc_sta_free(void *data)
if (sta->sm)
eapol_sm_free(sta->sm);
handshake_state_free(sta->hs_sta);
if (sta->hs_sta)
handshake_state_free(sta->hs_sta);
if (sta->sm_a)
eapol_sm_free(sta->sm_a);
handshake_state_free(sta->hs_auth);
if (sta->hs_auth)
handshake_state_free(sta->hs_auth);
end:
l_free(sta);

7
src/ap.c
View File

@ -93,8 +93,11 @@ static void ap_sta_free(void *data)
if (sta->assoc_resp_cmd_id)
l_genl_family_cancel(nl80211, sta->assoc_resp_cmd_id);
eapol_sm_free(sta->sm);
handshake_state_free(sta->hs);
if (sta->sm)
eapol_sm_free(sta->sm);
if (sta->hs)
handshake_state_free(sta->hs);
l_free(sta);
}