Patchwork wpa_supplicant: Cancel delayed scheduled scan when wpa_supplicant cleanups

login
register
mail settings
Submitter Chengyi Zhao
Date July 16, 2013, 8:29 a.m.
Message ID <1373963393-13737-1-git-send-email-chengyix.zhao@gmail.com>
Download mbox | patch
Permalink /patch/259376/
State Accepted
Commit 831770bffe7536b1c63608c2bef0ea223edb605d
Headers show

Comments

Chengyi Zhao - July 16, 2013, 8:29 a.m.
From: Chengyi Zhao <chengyix.zhao@gmail.com>

Because delayed scheduled scan will access the member of struct
wpa_supplicant which is freed, and result in the crash,
the program should cancel delayed scheduled scan when
wpa_supplicant cleanups.

Signed-hostap: Chengyi Zhao <chengyix.zhao@gmail.com>
---
 wpa_supplicant/scan.c           |   16 ++++++++++++++++
 wpa_supplicant/scan.h           |    1 +
 wpa_supplicant/wpa_supplicant.c |    1 +
 3 files changed, 18 insertions(+)
Jouni Malinen - July 20, 2013, 2:49 p.m.
On Tue, Jul 16, 2013 at 04:29:53PM +0800, Chengyi Zhao wrote:
> Because delayed scheduled scan will access the member of struct
> wpa_supplicant which is freed, and result in the crash,
> the program should cancel delayed scheduled scan when
> wpa_supplicant cleanups.

Thanks, applied.

Patch

diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c
index bdd6815..b7d9db5 100644
--- a/wpa_supplicant/scan.c
+++ b/wpa_supplicant/scan.c
@@ -1228,6 +1228,22 @@  void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s)
 	wpas_p2p_continue_after_scan(wpa_s);
 }
 
+/**
+ * wpa_supplicant_cancel_delayed_sched_scan - Stop a delayed scheduled scans
+ * @wpa_s: Pointer to wpa_supplicant data
+ *
+ * This function is used to stop a delayed scheduled scan.
+ */
+void wpa_supplicant_cancel_delayed_sched_scan(struct wpa_supplicant *wpa_s)
+{
+	if (!wpa_s->sched_scan_supported)
+		return;
+
+	wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling delayed sched scan");
+	eloop_cancel_timeout(wpa_supplicant_delayed_sched_scan_timeout,
+								wpa_s, NULL);
+}
+
 
 /**
  * wpa_supplicant_cancel_sched_scan - Stop running scheduled scans
diff --git a/wpa_supplicant/scan.h b/wpa_supplicant/scan.h
index e892479..2144787 100644
--- a/wpa_supplicant/scan.h
+++ b/wpa_supplicant/scan.h
@@ -15,6 +15,7 @@  int wpa_supplicant_delayed_sched_scan(struct wpa_supplicant *wpa_s,
 				      int sec, int usec);
 int wpa_supplicant_req_sched_scan(struct wpa_supplicant *wpa_s);
 void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s);
+void wpa_supplicant_cancel_delayed_sched_scan(struct wpa_supplicant *wpa_s);
 void wpa_supplicant_cancel_sched_scan(struct wpa_supplicant *wpa_s);
 void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s,
 				    int scanning);
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 5773013..5984060 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -421,6 +421,7 @@  static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
 
 	wpa_bss_deinit(wpa_s);
 
+	wpa_supplicant_cancel_delayed_sched_scan(wpa_s);
 	wpa_supplicant_cancel_scan(wpa_s);
 	wpa_supplicant_cancel_auth_timeout(wpa_s);
 	eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);