Patchwork wpa_supplicant: prevent segmentation fault in p2p_group_match_dev_type.

Submitter dvdspndl@gmail.com
Date March 7, 2013, 9:09 a.m.
Message ID <1362647378-8860-1-git-send-email-dvdspndl@gmail.com>
Permalink /patch/225768/
State Rejected

Comments

dvdspndl@gmail.com - March 7, 2013, 9:09 a.m.
From: David Spinadel <david.spinadel@intel.com>

Add nullity check in p2p_group_match_dev_type().

Signed-off-by: David Spinadel <david.spinadel@intel.com>
---
 src/p2p/p2p_group.c |    3 +++
 1 file changed, 3 insertions(+)

Jouni Malinen - March 10, 2013, 3:13 p.m.
On Thu, Mar 07, 2013 at 11:09:38AM +0200, David Spinadel wrote:
> Add nullity check in p2p_group_match_dev_type().

> diff --git a/src/p2p/p2p_group.c b/src/p2p/p2p_group.c
> @@ -706,6 +706,9 @@ int p2p_group_match_dev_type(struct p2p_group *group, struct wpabuf *wps)
> +	if (group == NULL)
> +		return 0;

In what case can this happen? p2p_group_match_dev_type() is called only
from handle_probe_req() and only if P2P is enabled in the interface. If
hapd->p2p_group == NULL in that case, there is something seriously wrong
elsewhere and this is just hiding the real issue.

Patch

diff --git a/src/p2p/p2p_group.c b/src/p2p/p2p_group.c
index 9559e44..bb26d4a 100644
--- a/src/p2p/p2p_group.c
+++ b/src/p2p/p2p_group.c
@@ -706,6 +706,9 @@  int p2p_group_match_dev_type(struct p2p_group *group, struct wpabuf *wps)
 {
 	struct p2p_group_member *m;
 
+	if (group == NULL)
+		return 0;
+
 	if (p2p_match_dev_type(group->p2p, wps))
 		return 1; /* Match with own device type */
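Review bot: The new `if (group == NULL) return 0;` at the top of p2p_group_match_dev_type() reports a missing group as "no device type match", and the commit message does not say which call path passes a NULL group. The next line dereferences group->p2p unconditionally, so the function was written on the assumption that the caller always supplies a valid group. If that invariant can break, the commit message should name the caller and the state that produces it, and the fix likely belongs at the point where the pointer ends up NULL rather than in this function. If the guard is kept anyway, log the condition at debug level so the unexpected state stays visible instead of silently becoming a non-match, and add a comment stating why a NULL group is a legitimate input here.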