Patchwork Add explicit NULL check before accessing data pointer

login
register
mail settings
Submitter De Cesco, Jonathan
Date July 21, 2014, 9:38 a.m.
Message ID <CD6019BEAD1B5F4E883DC42E86CD17512829961B@IRSMSX103.ger.corp.intel.com>
Download mbox | patch
Permalink /patch/372013/
State Rejected
Headers show

Comments

De Cesco, Jonathan - July 21, 2014, 9:38 a.m.
Android private lib for nl80211 driver is sending
wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, NULL);
For this event, data pointer validity is not checked before access.

Signed-off-by: Jonathan DE CESCO <jonathan.de.cesco@intel.com>
---
 wpa_supplicant/events.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
Jouni Malinen - July 26, 2014, 3:49 p.m.
On Mon, Jul 21, 2014 at 09:38:28AM +0000, De Cesco, Jonathan wrote:
> Android private lib for nl80211 driver is sending
> wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, NULL);
> For this event, data pointer validity is not checked before access.

That's not part of the upstream hostap.git nor a valid call, i.e., the
caller should be fixed instead. All the hostap.git users of
wpa_supplicant_event() provide the required data for
EVENT_CHANNEL_LIST_CHANGED.

Patch

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 4e84f6e..8cf2dd9 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -3369,8 +3369,9 @@  void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
 		wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED);
 		break;
 	case EVENT_CHANNEL_LIST_CHANGED:
-		wpa_supplicant_update_channel_list(
-			wpa_s, &data->channel_list_changed);
+		if (data)
+			wpa_supplicant_update_channel_list(
+						wpa_s, &data->channel_list_changed);
 		break;
 	case EVENT_INTERFACE_UNAVAILABLE:
 		wpas_p2p_interface_unavailable(wpa_s);