> > @@ -6196,8 +6199,7 @@ skip_auth_type: > > - ret = send_and_recv_msgs_owner(drv, msg, nl_connect, 1, NULL, > > - (void *) -1, NULL, NULL); > > + ret = send_and_recv_msgs_connect_handle(drv, msg, bss);
>
> This would lose that special valid_handler = NULL, valid_data = (void *) -1
> combination that is needed at the end of send_and_recv() to be able to
> use nl80211_nlmsg_clear(msg) to get any private material like keys explicitly
> cleared from freed heap memory. See commit bbd89bfca0b4i
> ("nl80211: Clear nlmsg payload with keys before freeing") for more details.
>
> That special case needs to be covered here. Since it may be inconvenient to
> cover this without adding new arguments to all send_and_recv functions, it
> may be worth considering whether that conditional
> nl80211_nlmsg_clear() call at the end of send_and_recv() should simply be
> made unconditional. It would burn some more resources clearing memory
> unnecessarily for most messages, but that's unlikely to be much of an issue
> in practice.

This is a good point that I missed in the review. I will submit a fixed version.

Thank you for reviewing.

Andrei

>
> --
> Jouni Malinen PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
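
Review bot: In the `+` line, send_and_recv_msgs_connect_handle(drv, msg, bss) no longer carries the `NULL, (void *) -1` handler/data pair that the removed send_and_recv_msgs_owner() call passed, so nothing in this call requests the clear-before-free of a connect message that may hold keys. Either have the new helper pass `NULL, (void *) -1` down to send_and_recv() itself, or make the nl80211_nlmsg_clear() call at the end of send_and_recv() unconditional so that no caller or wrapper can drop it.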
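
The failure mode discussed in this thread, as an added example that is not part of the thread and not hostap code: a simplified model in which a send routine clears the message only when the caller passes a NULL handler with the `(void *) -1` sentinel, a narrower wrapper that cannot pass it, and the unconditional-clear alternative. All `demo_*` and `send_*` names and the payload bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model; every name here is hypothetical, not hostap code. */
#define DEMO_CLEAR ((void *) -1) /* sentinel value from the quoted call */

struct demo_msg { unsigned char payload[32]; }; /* stands in for key bytes */

static void demo_clear(struct demo_msg *m)
{
	volatile unsigned char *p = m->payload; /* volatile: store is not elided */
	size_t i;
	for (i = 0; i < sizeof(m->payload); i++)
		p[i] = 0;
}

/* Tail of a send routine: clears only for handler == NULL plus sentinel. */
static int demo_send(struct demo_msg *m, int (*handler)(void *), void *data)
{
	if (!handler && data == DEMO_CLEAR)
		demo_clear(m);
	return 0; /* real code frees the message here; the demo keeps it */
}

static int send_with_sentinel(struct demo_msg *m) { return demo_send(m, NULL, DEMO_CLEAR); }
/* Narrower wrapper: no way to pass the sentinel, so nothing is cleared. */
static int send_lossy_wrapper(struct demo_msg *m) { return demo_send(m, NULL, NULL); }
/* Unconditional clear: correct whatever the caller passed. */
static int send_always_clear(struct demo_msg *m)
{
	int ret = demo_send(m, NULL, NULL);
	demo_clear(m);
	return ret;
}

/* Fill with constructed "key" bytes, send, count bytes left uncleared. */
static size_t leftover(int (*send)(struct demo_msg *))
{
	struct demo_msg m;
	size_t i, n = 0;
	memset(m.payload, 0xA5, sizeof(m.payload));
	send(&m);
	for (i = 0; i < sizeof(m.payload); i++)
		n += m.payload[i] != 0;
	return n;
}

int main(void)
{
	printf("sentinel=%zu lossy=%zu always=%zu\n", leftover(send_with_sentinel),
	       leftover(send_lossy_wrapper), leftover(send_always_clear));
	return 0;
}
```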