ap/adhoc: Don't crash on eapol_sm_free

If the sm object (or the handshake object) is NULL, don't call the corresponding function. 0 0x7fb6cd37da80 in /lib64/libc.so.6 1 0x414764 in eapol_sm_destroy() at eapol.c:673 2 0x42e402 in ap_sta_free() at ap.c:97 3 0x439dbe in l_queue_clear() at /home/parallels/wrk/iwd/ell/queue.c:109 4 0x439e09 in l_queue_destroy() at /home/parallels/wrk/iwd/ell/queue.c:83 5 0x42e4bf in ap_reset() at ap.c:132 6 0x42e519 in ap_free() at ap.c:147 7 0x447456 in interface_instance_free() at /home/parallels/wrk/iwd/ell/dbus-service.c:513 8 0x449be0 in _dbus_object_tree_remove_interface() at /home/parallels/wrk/iwd/ell/dbus-service.c:1595 9 0x449ced in _dbus_object_tree_object_destroy() at /home/parallels/wrk/iwd/ell/dbus-service.c:787 10 0x40fb8c in device_free() at device.c:2717 11 0x405cdb in netdev_free() at netdev.c:605 12 0x439dbe in l_queue_clear() at /home/parallels/wrk/iwd/ell/queue.c:109 13 0x439e09 in l_queue_destroy() at /home/parallels/wrk/iwd/ell/queue.c:83 14 0x40aac2 in netdev_shutdown() at netdev.c:4483 15 0x403b75 in iwd_shutdown() at main.c:80 16 0x43d9f3 in signal_callback() at /home/parallels/wrk/iwd/ell/signal.c:83 17 0x43d4ee in l_main_iterate() at /home/parallels/wrk/iwd/ell/main.c:376 18 0x43d5ac in l_main_run() at /home/parallels/wrk/iwd/ell/main.c:419 19 0x40379b in main() at main.c:454 20 0x7fb6cd36788a in /lib64/libc.so.6
2024-11-25 17:59:25 +01:00 · 2018-07-30 09:05:52 -05:00 · 2018-07-30 09:05:52 -05:00 · 6be0f55d85
commit 6be0f55d85
parent de013cf92b
2 changed files with 9 additions and 4 deletions
--- a/src/adhoc.c
+++ b/src/adhoc.c
@ -74,12 +74,14 @@ static void adhoc_sta_free(void *data)
 	if (sta->sm)
 		eapol_sm_free(sta->sm);

-	handshake_state_free(sta->hs_sta);
+	if (sta->hs_sta)
+		handshake_state_free(sta->hs_sta);

 	if (sta->sm_a)
 		eapol_sm_free(sta->sm_a);

-	handshake_state_free(sta->hs_auth);
+	if (sta->hs_auth)
+		handshake_state_free(sta->hs_auth);

 end:
 	l_free(sta);
--- a/src/ap.c
+++ b/src/ap.c
@ -93,8 +93,11 @@ static void ap_sta_free(void *data)
 	if (sta->assoc_resp_cmd_id)
 		l_genl_family_cancel(nl80211, sta->assoc_resp_cmd_id);

-	eapol_sm_free(sta->sm);
-	handshake_state_free(sta->hs);
+	if (sta->sm)
+		eapol_sm_free(sta->sm);
+
+	if (sta->hs)
+		handshake_state_free(sta->hs);

 	l_free(sta);
 }