From patchwork Mon Feb 10 10:55:09 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Peer, Ilan" X-Patchwork-Id: 318742 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from maxx.maxx.shmoo.com (maxx.shmoo.com [205.134.188.171]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3737A2C00AF for ; Mon, 10 Feb 2014 21:55:00 +1100 (EST) Received: from localhost (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id 3F1879C10A; Mon, 10 Feb 2014 05:54:30 -0500 (EST) X-Virus-Scanned: amavisd-new at maxx.shmoo.com Received: from maxx.maxx.shmoo.com ([127.0.0.1]) by localhost (maxx.shmoo.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WhZK2ols9M8u; Mon, 10 Feb 2014 05:54:29 -0500 (EST) Received: from maxx.shmoo.com (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id ECFB19C133; Mon, 10 Feb 2014 05:53:47 -0500 (EST) X-Original-To: mailman-post+hostap@maxx.shmoo.com Delivered-To: mailman-post+hostap@maxx.shmoo.com Received: from localhost (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id DA5809C120 for ; Mon, 10 Feb 2014 05:53:46 -0500 (EST) X-Virus-Scanned: amavisd-new at maxx.shmoo.com Received: from maxx.maxx.shmoo.com ([127.0.0.1]) by localhost (maxx.shmoo.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wiXDpM58GHkE for ; Mon, 10 Feb 2014 05:53:41 -0500 (EST) Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id 046949C109 for ; Mon, 10 Feb 2014 05:53:17 -0500 (EST) Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga101.fm.intel.com with ESMTP; 10 Feb 2014 02:53:16 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="4.95,817,1384329600"; d="scan'208";a="472692008" Received: from unknown (HELO ipeer-e6430-1.jer.intel.com) ([10.12.217.169]) by fmsmga001.fm.intel.com with ESMTP; 10 Feb 2014 02:53:15 -0800 From: Ilan Peer To: hostap@lists.shmoo.com Subject: [PATCH 7/7] wpa_supplicant: fix null dereference in ieee802_1x_get_mib_sta() Date: Mon, 10 Feb 2014 12:55:09 +0200 Message-Id: <1392029710-1169-8-git-send-email-ilan.peer@intel.com> X-Mailer: git-send-email 1.7.10.4 In-Reply-To: <1392029710-1169-1-git-send-email-ilan.peer@intel.com> References: <1392029710-1169-1-git-send-email-ilan.peer@intel.com> Cc: Eytan Lifshitz X-BeenThere: hostap@lists.shmoo.com X-Mailman-Version: 2.1.11 Precedence: list List-Id: HostAP Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: hostap-bounces@lists.shmoo.com Errors-To: hostap-bounces@lists.shmoo.com From: Eytan Lifshitz In function ieee802_1x_get_mib_sta(), eap_server_get_name() may return null, and it will be dereference immidiate by os_snprintf(). Signed-hostap: Eytan Lifshitz --- src/ap/ieee802_1x.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c index 49b30e4..21f815a 100644 --- a/src/ap/ieee802_1x.c +++ b/src/ap/ieee802_1x.c @@ -1953,6 +1953,8 @@ int ieee802_1x_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta, int len = 0, ret; struct eapol_state_machine *sm = sta->eapol_sm; struct os_reltime diff; + const char *name1; + const char *name2; if (sm == NULL) return 0; @@ -2088,13 +2090,15 @@ int ieee802_1x_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta, return len; len += ret; + name1 = eap_server_get_name(0, sm->eap_type_authsrv); + name2 = eap_server_get_name(0, sm->eap_type_supp); ret = os_snprintf(buf + len, buflen - len, "last_eap_type_as=%d (%s)\n" "last_eap_type_sta=%d (%s)\n", sm->eap_type_authsrv, - eap_server_get_name(0, sm->eap_type_authsrv), + name1 ? name1 : "", sm->eap_type_supp, - eap_server_get_name(0, sm->eap_type_supp)); + name2 ? name2 : ""); if (ret < 0 || (size_t) ret >= buflen - len) return len; len += ret;