Patchwork wpa_supplicant: null pointer check before pmksa_cache_flush

Submitter dvdspndl@gmail.com
Date March 7, 2013, 9:12 a.m.
Message ID <1362647521-8260-1-git-send-email-dvdspndl@gmail.com>
Permalink /patch/225769/
State Not Applicable

Comments

dvdspndl@gmail.com - March 7, 2013, 9:12 a.m.
From: David Spinadel <david.spinadel@intel.com>

Avoid segmentation fault in case of running wpa_supplicant w/o loaded driver.

Signed-hostap: David Spinadel <david.spinadel@intel.com>
---
 src/rsn_supp/wpa.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
Jouni Malinen - March 10, 2013, 3:18 p.m.
On Thu, Mar 07, 2013 at 11:12:01AM +0200, David Spinadel wrote:
> Avoid segmentation fault in case of running wpa_supplicant w/o loaded driver.

> diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
> @@ -2622,7 +2622,8 @@ void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr)
>  void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx)
>  {
>  #ifndef CONFIG_NO_WPA2
> -	pmksa_cache_flush(sm->pmksa, network_ctx);
> +	if (sm)
> +		pmksa_cache_flush(sm->pmksa, network_ctx);
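
Review bot: The new `if (sm)` test in front of `pmksa_cache_flush(sm->pmksa, network_ctx)` makes wpa_sm_pmksa_cache_flush() return silently when sm is NULL, and neither the hunk nor the commit message identifies a caller that passes NULL. If NULL is meant to be an accepted argument, state that in a comment at the function and use an early `if (sm == NULL) return;` at the top; otherwise the check belongs at the call site that has no state machine, so the missing initialization stays visible there.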

Could you please clarify what exactly you mean by "running without
loaded driver"? I'm trying to figure out how it would be possible to hit
a code path where this gets called with sm == NULL.
Spinadel, David - March 11, 2013, 10:55 a.m.
I'm not sure, it was a year ago and it was happening for me very often. Now I can't reproduce it, maybe it was fixed somehow.

David 

---------------------------------------------------------------------
A member of the Intel Corporation group of companies

This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.
Jouni Malinen - March 16, 2013, 10:49 a.m.
On Mon, Mar 11, 2013 at 10:55:17AM +0000, Spinadel, David wrote:
> I'm not sure, it was a year ago and it was happening for me very often. Now I can't reproduce it, maybe it was fixed somehow.

Commit 8c0d3b4fc668f857af39efdb69f8a6acf580bde1 ("Fix segfault on error
path if driver initialization fails") added "if (wpa_s->wpa)" validation
for a wpa_sm_pmksa_cache_flush() call.
Spinadel, David - March 17, 2013, 7:58 a.m.
Great, forget my patch.

Thanks,
David 


Patch

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index e50404c..3150dc3 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -2622,7 +2622,8 @@  void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr)
 void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx)
 {
 #ifndef CONFIG_NO_WPA2
-	pmksa_cache_flush(sm->pmksa, network_ctx);
+	if (sm)
+		pmksa_cache_flush(sm->pmksa, network_ctx);
 #endif /* CONFIG_NO_WPA2 */
 }
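
Review bot: The commit message gives only "running wpa_supplicant w/o loaded driver" as the trigger for the `if (sm)` guard on the `pmksa_cache_flush()` line, with no call path or backtrace, so the change cannot be tied to a specific crash. The thread above points to commit 8c0d3b4fc668f857af39efdb69f8a6acf580bde1, which added an `if (wpa_s->wpa)` check around a wpa_sm_pmksa_cache_flush() call; either name a remaining caller that still reaches this function with sm == NULL and record it in the commit message, or drop the hunk as redundant with that caller-side check.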