author | Jouni Malinen <jouni@codeaurora.org> | 2021-02-05 00:28:17 +0200 |
---|---|---|
committer | Hai Shalom <haishalom@google.com> | 2021-02-24 03:22:59 +0000 |
commit | f3f8d3c8a89ff2b79a8eff5d2a3d94af70847b27 (patch) | |
tree | dd5ba0562f7824bd55dca7683cd15747b3be9eba /wpa_supplicant/wpa_supplicant.c | |
parent | 8fca585d33a5042eb7778b17ec38dbb9f133a758 (diff) | |
download | wpa_supplicant_8-f3f8d3c8a89ff2b79a8eff5d2a3d94af70847b27.tar.gz |
Flush pending control interface message for an interface to be removed

wpa_supplicant_ctrl_iface_deinit() was executed only if the
per-interface control interface initialization had been completed. This
is not the case if driver initialization fails and that could result in
leaving behind references to the freed wpa_s instance in a corner case
where control interface messages ended up getting queued.

Fix this by calling wpa_supplicant_ctrl_iface_deinit() in all cases to
cancel the potential eloop timeout for wpas_ctrl_msg_queue_timeout with
the reference to the wpa_s pointer. In addition, flush any pending
message from the global queue for this interface since such a message
cannot be of use after this and there is no need to leave them in the
queue until the global control interface gets deinitialized.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Bug: 168314741
Test: Connect to Wi-Fi networks, enable SAP, verify correctness
Test: Run wifi_test PoC - verify no exception
Change-Id: I2dcc00b1b1db1f30432641c7202e0353eca55722

Diffstat (limited to 'wpa_supplicant/wpa_supplicant.c')
-rw-r--r-- | wpa_supplicant/wpa_supplicant.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index ffe162cb..1fd65068 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -1159,8 +1159,8 @@ int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s) os_strcmp(conf->ctrl_interface, wpa_s->conf->ctrl_interface) != 0); - if (reconf_ctrl && wpa_s->ctrl_iface) { - wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface); + if (reconf_ctrl) { + wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface); wpa_s->ctrl_iface = NULL; } @@ -6746,10 +6746,8 @@ static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s, if (terminate) wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING); - if (wpa_s->ctrl_iface) { - wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface); - wpa_s->ctrl_iface = NULL; - } + wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface); + wpa_s->ctrl_iface = NULL; #ifdef CONFIG_MESH if (wpa_s->ifmsh) { |
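
Review bot: In the wpa_supplicant_reload_configuration() hunk, dropping the `wpa_s->ctrl_iface` test from `if (reconf_ctrl) {` means wpa_supplicant_ctrl_iface_deinit() can now receive a NULL second argument, and nothing in this file shows the callee handling that. The diffstat here is limited to wpa_supplicant.c, so please confirm that every control interface backend implementing the new two-argument signature does its wpa_s-keyed cleanup and then returns cleanly when ctrl_iface is NULL, and state that contract in a comment at the prototype.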
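
Review bot: In the wpa_supplicant_deinit_iface() hunk, the now-unconditional `wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface);` reads like a missing NULL check to anyone who has not seen the commit message. A short comment above the call saying it must run even when ctrl_iface is NULL, to cancel the wpas_ctrl_msg_queue_timeout registration and flush queued messages that still reference wpa_s, would keep the guard from being reintroduced in a later cleanup.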