pmksa_cache_add_entry() may actually free old_entry if the pmksa cache is full. This can result in the pmksa cache containing entries with corrupt expiration times. Signed-off-by: Andrew Elble <aweits@xxxxxxx> --- src/rsn_supp/pmksa_cache.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c index e1cfa146a3d1..a353404c22b4 100644 --- a/src/rsn_supp/pmksa_cache.c +++ b/src/rsn_supp/pmksa_cache.c @@ -367,6 +367,7 @@ pmksa_cache_clone_entry(struct rsn_pmksa_cache *pmksa, const u8 *aa) { struct rsn_pmksa_cache_entry *new_entry; + os_time_t old_expiration = old_entry->expiration; new_entry = pmksa_cache_add(pmksa, old_entry->pmk, old_entry->pmk_len, NULL, NULL, 0, @@ -378,7 +379,7 @@ pmksa_cache_clone_entry(struct rsn_pmksa_cache *pmksa, return NULL; /* TODO: reorder entries based on expiration time? */ - new_entry->expiration = old_entry->expiration; + new_entry->expiration = old_expiration; new_entry->opportunistic = 1; return new_entry; -- 2.10.1 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap