mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-22 13:02:44 +01:00
ap: eapol_sm lifecycle fixes
On one hand when we're called with HANDSHAKE_EVENT_FAILED or HANDSHAKE_EVENT_SETTING_KEYS_FAILED the eapol_sm will be freed in eapol.c, fix a double-free by setting it to NULL before ap_free_sta is called. On the other hand make sure we call eapol_sm_free before setting sta->sm to NULL in ap_drop_rsna to avoid potential leak and avoid the eapol_sm continuing to use the handshake_state we freed.
This commit is contained in:
parent
c0a70cc9b7
commit
f460a7e12c
9
src/ap.c
9
src/ap.c
@ -229,7 +229,12 @@ static void ap_drop_rsna(struct sta_state *sta)
|
||||
l_error("Issuing DEL_KEY failed");
|
||||
}
|
||||
|
||||
handshake_state_free(sta->hs);
|
||||
if (sta->sm)
|
||||
eapol_sm_free(sta->sm);
|
||||
|
||||
if (sta->hs)
|
||||
handshake_state_free(sta->hs);
|
||||
|
||||
sta->hs = NULL;
|
||||
sta->sm = NULL;
|
||||
}
|
||||
@ -370,6 +375,7 @@ static void ap_handshake_event(struct handshake_state *hs,
|
||||
netdev_handshake_failed(hs, l_get_u16(event_data));
|
||||
/* fall through */
|
||||
case HANDSHAKE_EVENT_SETTING_KEYS_FAILED:
|
||||
sta->sm = NULL;
|
||||
ap_remove_sta(sta);
|
||||
default:
|
||||
break;
|
||||
@ -425,6 +431,7 @@ static void ap_associate_sta_cb(struct l_genl_msg *msg, void *user_data)
|
||||
sta->sm = eapol_sm_new(sta->hs);
|
||||
if (!sta->sm) {
|
||||
handshake_state_free(sta->hs);
|
||||
sta->hs = NULL;
|
||||
l_error("could not create sm object");
|
||||
goto error;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user