Kernel/iwd
3
0
Fork 0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-26 02:19:26 +01:00
Code Releases Activity

ap: eapol_sm lifecycle fixes

Browse Source 
On one hand when we're called with HANDSHAKE_EVENT_FAILED or
HANDSHAKE_EVENT_SETTING_KEYS_FAILED the eapol_sm will be freed in
eapol.c, fix a double-free by setting it to NULL before ap_free_sta
is called.
On the other hand make sure we call eapol_sm_free before setting
sta->sm to NULL in ap_drop_rsna to avoid potential leak and avoid
the eapol_sm continuing to use the handshake_state we freed.
This commit is contained in:
Andrew Zaborowski 2018-08-24 03:37:53 +02:00 committed by Denis Kenzior
parent c0a70cc9b7
commit f460a7e12c
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/ap.c
View File

@ -229,7 +229,12 @@ static void ap_drop_rsna(struct sta_state *sta)
l_error("Issuing DEL_KEY failed"); l_error("Issuing DEL_KEY failed");
} }
handshake_state_free(sta->hs); if (sta->sm)
eapol_sm_free(sta->sm);
if (sta->hs)
handshake_state_free(sta->hs);
sta->hs = NULL; sta->hs = NULL;
sta->sm = NULL; sta->sm = NULL;
} }
@ -370,6 +375,7 @@ static void ap_handshake_event(struct handshake_state *hs,
netdev_handshake_failed(hs, l_get_u16(event_data)); netdev_handshake_failed(hs, l_get_u16(event_data));
/* fall through */ /* fall through */
case HANDSHAKE_EVENT_SETTING_KEYS_FAILED: case HANDSHAKE_EVENT_SETTING_KEYS_FAILED:
sta->sm = NULL;
ap_remove_sta(sta); ap_remove_sta(sta);
default: default:
break; break;
@ -425,6 +431,7 @@ static void ap_associate_sta_cb(struct l_genl_msg *msg, void *user_data)
sta->sm = eapol_sm_new(sta->hs); sta->sm = eapol_sm_new(sta->hs);
if (!sta->sm) { if (!sta->sm) {
handshake_state_free(sta->hs); handshake_state_free(sta->hs);
sta->hs = NULL;
l_error("could not create sm object"); l_error("could not create sm object");
goto error; goto error;
} }