~ubuntu-branches/ubuntu/lucid/wpasupplicant/lucid-security

From d7199342f0633b5ab147dca5b885530fe32ceaeb Mon Sep 17 00:00:00 2001
From: David Smith <david.daniel.smith@gmail.com>
Date: Wed, 11 Nov 2009 17:46:15 +0200
Subject: [PATCH 1/1] Reset EAPOL pointer when handling DBus smartcard parameters

Smartcard parameter update via DBus ended up re-initializing the EAPOL
state machine without updating the pointer inside the WPA state machine.
This can trigger a segfault when the EAP layer attempts to use the old
reference. Fix this by re-initializing the pointer inside the WPA state
machine.
---
 wpa_supplicant/ctrl_iface_dbus_handlers.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

Index: wpasupplicant.lucid/wpa_supplicant/ctrl_iface_dbus_handlers.c
===================================================================
--- wpasupplicant.lucid.orig/wpa_supplicant/ctrl_iface_dbus_handlers.c	2012-02-14 14:03:32.000000000 -0500
+++ wpasupplicant.lucid/wpa_supplicant/ctrl_iface_dbus_handlers.c	2012-02-15 11:59:31.760632595 -0500
@@ -24,6 +24,7 @@
 #include "ieee802_11_defs.h"
 #include "wpas_glue.h"
 #include "eapol_supp/eapol_supp_sm.h"
+#include "wpa.h"
 
 
 /**
@@ -1246,8 +1247,11 @@
 	wpa_s->conf->pkcs11_module_path = pkcs11_module_path;
 #endif /* EAP_TLS_OPENSSL */
 
+	wpa_sm_set_eapol(wpa_s->wpa, NULL);
 	eapol_sm_deinit(wpa_s->eapol);
+	wpa_s->eapol = NULL;
 	wpa_supplicant_init_eapol(wpa_s);
+	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
 
 	return wpas_dbus_new_success_reply(message);