From a6c63ee6d5d842bb8c4663c5140ae2c8e7360cac Mon Sep 17 00:00:00 2001 From: "Wang, Fan" Date: Thu, 28 Feb 2019 17:10:09 +0800 Subject: [PATCH] NetworkPkg: Fix Duplicate FreePool Error in WCM * REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1577 In WiFi Connection Manager scan process, the result received from WiFi device driver will be freed twice, and will cause unexpected errors, and even system crash. This issue also exists in some other places potentially, this patch is to fix these issues and also add Timer Cancelling before Close to avoid potential NULL reference. Cc: Ye Ting Cc: Fu Siyuan Cc: Wu Jiaxin Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Wang Fan Reviewed-by: Fu Siyuan Reviewed-by: Wu Jiaxin --- .../WifiConnectionManagerDxe/WifiConnectionMgrDriver.c | 1 + .../WifiConnectionManagerDxe/WifiConnectionMgrFileUtil.c | 1 + .../WifiConnectionMgrHiiConfigAccess.c | 9 +++++++++ .../WifiConnectionManagerDxe/WifiConnectionMgrImpl.c | 1 - 4 files changed, 11 insertions(+), 1 deletion(-) diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrDriver.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrDriver.c index 1431cdc7ea..63b0670c63 100644 --- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrDriver.c +++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrDriver.c @@ -411,6 +411,7 @@ WifiMgrDxeDriverBindingStop ( // // Close Event // + gBS->SetTimer (Nic->TickTimer, TimerCancel, 0); gBS->CloseEvent (Nic->TickTimer); // diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrFileUtil.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrFileUtil.c index 6db1626f2d..0224823431 100644 --- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrFileUtil.c +++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrFileUtil.c @@ -253,6 +253,7 @@ UpdatePage( if (Private->FileContext->FileName != NULL) { FreePool (Private->FileContext->FileName); + Private->FileContext->FileName = NULL; } Private->FileContext->FileName = FileName; diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrHiiConfigAccess.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrHiiConfigAccess.c index bfb6b6e5ca..d0d55f46da 100644 --- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrHiiConfigAccess.c +++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrHiiConfigAccess.c @@ -447,6 +447,8 @@ WifiMgrRefreshNetworkList ( } FreePool (AKMListDisplay); FreePool (CipherListDisplay); + AKMListDisplay = NULL; + CipherListDisplay = NULL; HiiCreateGotoOpCode ( StartOpCodeHandle, @@ -532,6 +534,8 @@ WifiMgrRefreshNetworkList ( } FreePool (AKMListDisplay); FreePool (CipherListDisplay); + AKMListDisplay = NULL; + CipherListDisplay = NULL; HiiCreateGotoOpCode ( StartOpCodeHandle, @@ -612,6 +616,8 @@ WifiMgrRefreshNetworkList ( } FreePool (AKMListDisplay); FreePool (CipherListDisplay); + AKMListDisplay = NULL; + CipherListDisplay = NULL; PortHelpToken = HiiSetString (Private->RegisteredHandle, 0, PortString, NULL); @@ -1657,6 +1663,7 @@ WifiMgrDxeHiiConfigAccessCallback ( ZeroMem (Profile->PrivateKeyData, Profile->PrivateKeyDataSize); FreePool (Profile->PrivateKeyData); + Profile->PrivateKeyData = NULL; } Status = WifiMgrReadFileToBuffer ( @@ -1700,12 +1707,14 @@ WifiMgrDxeHiiConfigAccessCallback ( ZeroMem (Profile->CACertData, Profile->CACertSize); FreePool (Profile->CACertData); + Profile->CACertData = NULL; } } else if (Private->FileType == FileTypeClientCert) { if (Profile->ClientCertData != NULL) { ZeroMem (Profile->ClientCertData, Profile->ClientCertSize); FreePool (Profile->ClientCertData); + Profile->ClientCertData = NULL; } } else { break; diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c index 52ce18dfd8..9417440ac5 100644 --- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c +++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c @@ -212,7 +212,6 @@ WifiMgrOnScanFinished ( } } - FreePool (Result); gBS->SignalEvent (Nic->Private->NetworkListRefreshEvent); // -- 2.39.2