On 05/31/2018 01:48 AM, Jouni Malinen wrote:
On Tue, May 29, 2018 at 02:39:05PM -0700, peter.oh@xxxxxxxxxxxxxxxxx wrote:
mesh join function consitss of 2 parts which are preparing
configurations and sending join event to driver.
Since physical mesh join event could happen either right
after mesh configuration is done or after CAC is done
in case of DFS channel is used, factor out the function
into 2 parts to reduce redundant calls.
This leaks memory:
+void wpas_join_mesh(struct wpa_supplicant *wpa_s)
+{
+ struct wpa_driver_mesh_join_params *params = wpa_s->mesh_params;
Nothing frees wpa_s->mesh_params here or anywhere else. This needs to
get freed somewhere both in success and failure cases.
int wpa_supplicant_join_mesh(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid)
{
- struct wpa_driver_mesh_join_params params;
+ struct wpa_driver_mesh_join_params *params =
+ os_zalloc(sizeof(struct wpa_driver_mesh_join_params));
This is where the allocation happens.
- if (wpa_supplicant_mesh_init(wpa_s, ssid, ¶ms.freq)) {
+ wpa_s->mesh_params = params;
+ if (wpa_supplicant_mesh_init(wpa_s, ssid, ¶ms->freq)) {
And this sets wpa_s->mesh_params overriding the previous (potentially
unfreed) pointer.
Will address them in v6.
Thanks,
Peter
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
