wpa_supplicant: prevent segmentation fault in p2p_group_match_dev_type.

Submitted by dvdspndl@gmail.com on March 7, 2013, 9:09 a.m.

Details

Message ID 1362647378-8860-1-git-send-email-dvdspndl@gmail.com
State Rejected

Commit Message

dvdspndl@gmail.com March 7, 2013, 9:09 a.m.
From: David Spinadel <david.spinadel@intel.com>

Add nullity check in p2p_group_match_dev_type().

Signed-off-by: David Spinadel <david.spinadel@intel.com>
---
 src/p2p/p2p_group.c |    3 +++
 1 file changed, 3 insertions(+)

Comments

Jouni Malinen March 10, 2013, 3:13 p.m.
On Thu, Mar 07, 2013 at 11:09:38AM +0200, David Spinadel wrote:
> Add nullity check in p2p_group_match_dev_type().

> diff --git a/src/p2p/p2p_group.c b/src/p2p/p2p_group.c
> @@ -706,6 +706,9 @@ int p2p_group_match_dev_type(struct p2p_group *group, struct wpabuf *wps)
> +	if (group == NULL)
> +		return 0;

In what case can this happen? p2p_group_match_dev_type() is called only
from handle_probe_req() and only if P2P is enabled in the interface. If
hapd->p2p_group == NULL in that case, there is something seriously wrong
elsewhere and this is just hiding the real issue.

Patch

diff --git a/src/p2p/p2p_group.c b/src/p2p/p2p_group.c
index 9559e44..bb26d4a 100644
--- a/src/p2p/p2p_group.c
+++ b/src/p2p/p2p_group.c
@@ -706,6 +706,9 @@  int p2p_group_match_dev_type(struct p2p_group *group, struct wpabuf *wps)
 {
 	struct p2p_group_member *m;
 
+	if (group == NULL)
+		return 0;
+
 	if (p2p_match_dev_type(group->p2p, wps))
 		return 1; /* Match with own device type */
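Review bot: The new `if (group == NULL) return 0;` guard at the top of p2p_group_match_dev_type() makes a NULL group indistinguishable from a genuine "no match" result, since the function returns 1 on a match just below, and neither the code nor the commit message says how a caller ends up passing NULL. If that state is reachable, the commit message should name the call path or include the crash backtrace, and the fix likely belongs at the point where the group pointer is missing rather than here. If a guard does stay in this function, add a comment stating when group can be NULL and consider a debug log so the condition is not silently absorbed before the `group->p2p` dereference.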