On Thu, Jan 21, 2021 at 05:40:34PM +0200, Andrei Otcheretianski wrote:
> Fix it by using the process_bss_event() handler when the nl_connect
> handler is used.

In general, that sounds fine, but there is one detail that is missed
here in the implementation:

> +send_and_recv_msgs_connect_handle(struct wpa_driver_nl80211_data *drv,
> + struct nl_msg *msg, struct i802_bss *bss)
> +{
> + struct nl_sock *nl_connect = get_connect_handle(bss);
> +
> + if (nl_connect)
> + return send_and_recv_msgs_owner(drv, msg, nl_connect, 1,
> + process_bss_event, bss, NULL,
> + NULL);

> @@ -6196,8 +6199,7 @@ skip_auth_type:
> - ret = send_and_recv_msgs_owner(drv, msg, nl_connect, 1, NULL,
> - (void *) -1, NULL, NULL);
> + ret = send_and_recv_msgs_connect_handle(drv, msg, bss);

This would lose that special valid_handler = NULL, valid_data = (void *) -1
combination that is needed at the end of send_and_recv() to be able to
use nl80211_nlmsg_clear(msg) to get any private material like keys
explicitly cleared from freed heap memory. See commit bbd89bfca0b4i
("nl80211: Clear nlmsg payload with keys before freeing") for more
details. That special case needs to be covered here.

Since it may be inconvenient to cover this without adding new arguments
to all send_and_recv functions, it may be worth considering whether that
conditional nl80211_nlmsg_clear() call at the end of send_and_recv()
should simply be made unconditional. It would burn some more resources
clearing memory unnecessarily for most messages, but that's unlikely to
be much of an issue in practice.

--
Jouni Malinen PGP id EFC895FA
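Review bot: send_and_recv_msgs_connect_handle() has no comment stating that, on the nl_connect path, it always installs process_bss_event with bss as the handler context. Callers can no longer choose valid_handler/valid_data for that socket, so a short comment above the helper should state this contract, including what happens when get_connect_handle(bss) returns NULL, which the quoted lines do not show.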
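Review bot: at the skip_auth_type call site, the removed call passed NULL and (void *) -1 as valid_handler/valid_data and the replacement passes neither, so the condition that triggers nl80211_nlmsg_clear(msg) at the end of send_and_recv() is no longer met for this message. Either give the helper a way to request clearing or make the clear unconditional, so that key material carried in this message is wiped before the buffer is freed.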
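A reduced model of the point raised in this mail, as an added example that is not hostap code: a clear that depends on a sentinel argument pair stops happening once a real handler is passed, while an unconditional clear does not. `struct msg`, `send_conditional`, `send_unconditional`, `event_handler` and `residue` are hypothetical names, and the "key" bytes are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a netlink message. The payload is a fixed array so
 * it can be inspected after release without reading freed heap memory. */
struct msg { unsigned char payload[64]; int in_use; };
typedef int (*valid_cb)(struct msg *m, void *ctx);

/* Write zeros through a volatile pointer so the stores are not optimized away. */
static void msg_clear(struct msg *m)
{
	volatile unsigned char *p = m->payload;
	for (size_t i = 0; i < sizeof(m->payload); i++)
		p[i] = 0;
}

/* Sentinel convention from the mail: clear only for NULL handler + (void *) -1. */
static void send_conditional(struct msg *m, valid_cb handler, void *ctx)
{
	if (handler)
		handler(m, ctx);
	if (!handler && ctx == (void *) -1)
		msg_clear(m);
	m->in_use = 0; /* models freeing the message */
}

/* Alternative raised in the mail: always clear before release. */
static void send_unconditional(struct msg *m, valid_cb handler, void *ctx)
{
	if (handler)
		handler(m, ctx);
	msg_clear(m);
	m->in_use = 0; /* models freeing the message */
}

static int event_handler(struct msg *m, void *ctx) { (void) m; (void) ctx; return 0; }

/* Fill a message with constructed key bytes, send it, count leftover bytes. */
static size_t residue(void (*send)(struct msg *, valid_cb, void *),
		      valid_cb handler, void *ctx)
{
	struct msg m = { .in_use = 1 };
	size_t left = 0;
	memset(m.payload, 0xA5, 32); /* constructed key material */
	send(&m, handler, ctx);
	for (size_t i = 0; i < sizeof(m.payload); i++)
		left += m.payload[i] != 0;
	return left;
}
```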