From: Davide Caratti
To: Benjamin Berg, Beniamino Galvani, Vladimir Benes, j@w1.fi
Cc: hostap@lists.infradead.org
Subject: [PATCH] D-Bus: fix P2P NULL dereference after interface removal
Date: Wed, 25 Sep 2019 19:22:43 +0200
Message-Id: <7745d6b39156e1d76cd08f2dd37a640aa0095908.1569432163.git.davide.caratti@gmail.com>

When the P2P management interface is deleted, P2P is then disabled and global->p2p_init_wpa_s is set to NULL. After that, other interfaces can still trigger P2P functions (like wpas_p2p_find()) using d-bus.
This makes wpa_supplicant terminate with SIGSEGV, because it dereferences a NULL pointer: fix this adding proper checks, like it's done with wpa_cli. CC: Beniamino Galvani CC: Benjamin Berg Reported-by: Vladimir Benes Signed-off-by: Davide Caratti --- wpa_supplicant/dbus/dbus_new_handlers_p2p.c | 66 ++++++++++++++++++++- 1 file changed, 65 insertions(+), 1 deletion(-) diff --git a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c index 8cdd88564..d476cbd55 100644 --- a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c +++ b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c @@ -40,6 +40,14 @@ static int wpas_dbus_validate_dbus_ipaddr(struct wpa_dbus_dict_entry entry) } +static dbus_bool_t no_p2p_mgmt_interface(DBusError *error) +{ + dbus_set_error_const(error, WPAS_DBUS_ERROR_IFACE_UNKNOWN, + "Could not find P2P mgmt interface"); + return FALSE; +} + + /** * Parses out the mac address from the peer object path. * @peer_path - object path of the form @@ -78,6 +86,22 @@ wpas_dbus_error_persistent_group_unknown(DBusMessage *message) } +/** + * wpas_dbus_error_no_p2p_mgmt_iface - Return a new InterfaceUnknown error + * message + * @message: Pointer to incoming dbus message this error refers to + * Returns: a dbus error message + * + * Convenience function to create and return an unknown interface error. + */ +static DBusMessage * wpas_dbus_error_no_p2p_mgmt_iface(DBusMessage *message) +{ + wpa_printf(MSG_DEBUG, "Could not find P2P mgmt interface"); + return dbus_message_new_error(message, WPAS_DBUS_ERROR_IFACE_UNKNOWN, + "Could not find P2P mgmt interface"); +} + + DBusMessage * wpas_dbus_handler_p2p_find(DBusMessage *message, struct wpa_supplicant *wpa_s) { 
@@ -145,6 +169,10 @@ DBusMessage * wpas_dbus_handler_p2p_find(DBusMessage *message, } wpa_s = wpa_s->global->p2p_init_wpa_s; + if (!wpa_s) { + reply = wpas_dbus_error_no_p2p_mgmt_iface(message); + goto error; + } if (wpas_p2p_find(wpa_s, timeout, type, num_req_dev_types, req_dev_types, NULL, 0, 0, NULL, freq)) @@ -166,7 +194,9 @@ error: DBusMessage * wpas_dbus_handler_p2p_stop_find(DBusMessage *message, struct wpa_supplicant *wpa_s) { - wpas_p2p_stop_find(wpa_s->global->p2p_init_wpa_s); + wpa_s = wpa_s->global->p2p_init_wpa_s; + if (wpa_s) + wpas_p2p_stop_find(wpa_s); return NULL; } @@ -185,6 +215,8 @@ DBusMessage * wpas_dbus_handler_p2p_rejectpeer(DBusMessage *message, return wpas_dbus_error_invalid_args(message, NULL); wpa_s = wpa_s->global->p2p_init_wpa_s; + if (!wpa_s) + return wpas_dbus_error_no_p2p_mgmt_iface(message); if (wpas_p2p_reject(wpa_s, peer_addr) < 0) return wpas_dbus_error_unknown_error(message, @@ -204,6 +236,8 @@ DBusMessage * wpas_dbus_handler_p2p_listen(DBusMessage *message, return wpas_dbus_error_no_memory(message); wpa_s = wpa_s->global->p2p_init_wpa_s; + if (!wpa_s) + return wpas_dbus_error_no_p2p_mgmt_iface(message); if (wpas_p2p_listen(wpa_s, (unsigned int) timeout)) { return dbus_message_new_error(message, @@ -245,6 +279,8 @@ DBusMessage * wpas_dbus_handler_p2p_extendedlisten( } wpa_s = wpa_s->global->p2p_init_wpa_s; + if (!wpa_s) + return wpas_dbus_error_no_p2p_mgmt_iface(message); if (wpas_p2p_ext_listen(wpa_s, period, interval)) return wpas_dbus_error_unknown_error( @@ -350,6 +386,10 @@ DBusMessage * wpas_dbus_handler_p2p_group_add(DBusMessage *message, } wpa_s = wpa_s->global->p2p_init_wpa_s; + if (!wpa_s) { + reply = wpas_dbus_error_no_p2p_mgmt_iface(message); + goto out; + } if (pg_object_path != NULL) { char *net_id_str; 
@@ -433,6 +473,12 @@ static dbus_bool_t wpa_dbus_p2p_check_enabled(struct wpa_supplicant *wpa_s, "P2P is not available for this interface"); return FALSE; } + if (!wpa_s->global->p2p_init_wpa_s) { + if (out_reply) + *out_reply = wpas_dbus_error_no_p2p_mgmt_iface( + message); + return no_p2p_mgmt_interface(error); + } return TRUE; } @@ -822,6 +868,8 @@ DBusMessage * wpas_dbus_handler_p2p_prov_disc_req(DBusMessage *message, return wpas_dbus_error_invalid_args(message, NULL); wpa_s = wpa_s->global->p2p_init_wpa_s; + if (!wpa_s) + return wpas_dbus_error_no_p2p_mgmt_iface(message); if (wpas_p2p_prov_disc(wpa_s, peer_addr, config_method, WPAS_P2P_PD_FOR_GO_NEG, NULL) < 0) @@ -1882,6 +1930,8 @@ dbus_bool_t wpas_dbus_getter_p2p_peer_groups( wpa_s = peer_args->wpa_s; wpa_s = wpa_s->global->p2p_init_wpa_s; + if (!wpa_s) + return no_p2p_mgmt_interface(error); wpa_s_go = wpas_get_p2p_client_iface(wpa_s, info->p2p_device_addr); if (wpa_s_go) { @@ -1963,6 +2013,9 @@ dbus_bool_t wpas_dbus_getter_persistent_groups( dbus_bool_t success = FALSE; wpa_s = wpa_s->global->p2p_init_wpa_s; + if (!wpa_s) + return no_p2p_mgmt_interface(error); + if (!wpa_s->parent->dbus_new_path) return FALSE; @@ -2077,6 +2130,11 @@ DBusMessage * wpas_dbus_handler_add_persistent_group( dbus_message_iter_init(message, &iter); wpa_s = wpa_s->global->p2p_init_wpa_s; + if (!wpa_s) { + reply = wpas_dbus_error_no_p2p_mgmt_iface(message); + goto err; + } + if (wpa_s->parent->dbus_new_path) ssid = wpa_config_add_network(wpa_s->conf); if (ssid == NULL) { @@ -2159,6 +2217,10 @@ DBusMessage * wpas_dbus_handler_remove_persistent_group( DBUS_TYPE_INVALID); wpa_s = wpa_s->global->p2p_init_wpa_s; + if (!wpa_s) { + reply = wpas_dbus_error_no_p2p_mgmt_iface(message); + goto out; + } /* * Extract the network ID and ensure the network is actually a child of 
@@ -2235,6 +2297,8 @@ DBusMessage * wpas_dbus_handler_remove_all_persistent_groups( struct wpa_config *config; wpa_s = wpa_s->global->p2p_init_wpa_s; + if (!wpa_s) + return wpas_dbus_error_no_p2p_mgmt_iface(message); config = wpa_s->conf; ssid = config->ssid;
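
Review bot: the two new helpers, no_p2p_mgmt_interface() and wpas_dbus_error_no_p2p_mgmt_iface(), repeat the literal "Could not find P2P mgmt interface" and are not consistent with each other: the names differ (interface vs iface, and the first lacks the wpas_dbus_ prefix), only the second has a doc comment, and only the second calls wpa_printf(MSG_DEBUG, ...). Suggest defining the string once, renaming the first helper to follow the file's wpas_dbus_ convention, documenting it, and logging in both, so that a property getter hitting the NULL case (wpas_dbus_getter_p2p_peer_groups(), wpas_dbus_getter_persistent_groups()) leaves the same debug trace as a method call does.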
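
Review bot: in wpas_dbus_handler_p2p_stop_find() the NULL case skips wpas_p2p_stop_find() and still reaches return NULL, so the D-Bus caller sees success, while every other method handler touched by this patch replies with WPAS_DBUS_ERROR_IFACE_UNKNOWN. If treating the call as a no-op once the P2P management interface is gone is intended, say so in a comment or in the commit message; otherwise return wpas_dbus_error_no_p2p_mgmt_iface(message) here as well.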
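
Review bot: the assignment wpa_s = wpa_s->global->p2p_init_wpa_s followed by an open-coded if (!wpa_s) now appears in a dozen handlers and getters, each with its own exit path (plain return, goto error, goto out, goto err), which makes it easy for the next handler added to this file to omit the check. Consider one accessor that returns the P2P management wpa_s or NULL and is the only place that reads global->p2p_init_wpa_s in this file, so a missing check becomes visible in review as a direct use of the field. The commit message would also benefit from stating whether the remaining uses of p2p_init_wpa_s in dbus_new_handlers_p2p.c were audited, since only the changed sites are visible in the diff.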