commit a831d78b5fb6af549533456cda57f88d73f6d153
author Deepthi Gowri <deepthi@codeaurora.org> Mon Sep 03 11:55:38 2012 +0300
committer Dmitry Shmidt <dimitrysh@google.com> Sun Sep 09 12:59:23 2012 -0700
tree 9ba747267033d002b9b8008eb0e123b783558cbf
parent 1e6c57fee4a56b421cc20f6dc0785c9138b21337

Fix REMOVE_NETWORK to not run operations with invalid current_ssid

If the REMOVE_NETWORK command is used to delete the currently connected
network, some operations were run between removing the network and
clearing of wpa_s->current_ssid. This left wpa_s->current_ssid pointing
to freed memory and should any operation end up using it before the
pointer gets cleared, freed memory could be references. Avoid this by
removing the network only after having completed the operations that
clear wpa_s->current_ssid.

Signed-hostap: Deepthi Gowri <deepthi@codeaurora.org>
intended-for: hostap-1

wpa_supplicant/ctrl_iface.c

diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index dbf8a84..89d6020 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -1881,8 +1881,7 @@
 	ssid = wpa_config_get_network(wpa_s->conf, id);
 	if (ssid)
 		wpas_notify_network_removed(wpa_s, ssid);
-	if (ssid == NULL ||
-	    wpa_config_remove_network(wpa_s->conf, id) < 0) {
+	if (ssid == NULL) {
 		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find network "
 			   "id=%d", id);
 		return -1;
@@ -1906,6 +1905,12 @@
 		wpa_supplicant_disassociate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
 	}
 
+	if (wpa_config_remove_network(wpa_s->conf, id) < 0) {
+		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Not able to remove the "
+			   "network id=%d", id);
+		return -1;
+	}
+
 	return 0;
 }