mwifiex: fix use-after-free in beacon_ie processing - linux

diff options

author	Bing Zhao <bzhao@marvell.com>	2013-04-12 19:34:17 +0200
committer	John W. Linville <linville@tuxdriver.com>	2013-04-22 21:38:35 +0200
commit	d837a2ae40fd37bcbb5a42126e3d89c68c90fccc (patch)
tree	d952e47adcbfbb9c7797b5593149df161de3f4e6 /drivers/ssb
parent	mwifiex: don't try to associate when bss_mode is not STA (diff)
download	linux-d837a2ae40fd37bcbb5a42126e3d89c68c90fccc.tar.xz linux-d837a2ae40fd37bcbb5a42126e3d89c68c90fccc.zip

mwifiex: fix use-after-free in beacon_ie processing

beacon_ie buffer is allocated in mwifiex_fill_new_bss_desc() and the buffer pointer is saved in bss_desc->beacon_buf. beacon_ie is freed before the function returns. However, bss_desc->beacon_buf is still being accessed afterwards. Fix it by freeing beacon_ie (bss_desc->beacon_buf) in caller's scope. Reviewed-by: Doug Anderson <dianders@chromium.org> Reviewed-by: Paul Stewart <pstew@chromium.org> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>

Diffstat (limited to 'drivers/ssb')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: