@@ -309,17 +309,21 @@ static struct wpabuf * p2p_build_prov_disc_resp(struct p2p_data *p2p,
u8 go_dev_addr[ETH_ALEN];
u8 intended_addr[ETH_ALEN];
- persist = p2p->cfg->get_persistent_group(
- p2p->cfg->cb_ctx,
- dev->info.p2p_device_addr,
- persist_ssid, persist_ssid_len, go_dev_addr,
- ssid, &ssid_len, intended_addr);
- if (persist) {
- p2p_buf_add_persistent_group_info(
- buf, go_dev_addr, ssid, ssid_len);
- if (!is_zero_ether_addr(intended_addr))
- p2p_buf_add_intended_addr(
- buf, intended_addr);
+ if (dev) {
+ persist = p2p->cfg->get_persistent_group(
+ p2p->cfg->cb_ctx,
+ dev->info.p2p_device_addr,
+ persist_ssid, persist_ssid_len,
+ go_dev_addr,
+ ssid, &ssid_len, intended_addr);
+ if (persist) {
+ p2p_buf_add_persistent_group_info(
+ buf, go_dev_addr, ssid,
+ ssid_len);
+ if (!is_zero_ether_addr(intended_addr))
+ p2p_buf_add_intended_addr(
+ buf, intended_addr);
+ }
}
}
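Review bot: When `dev` is NULL the new guard at `if (dev) {` skips the persistent-group lookup without any trace, so the response is built without the persistent group info or intended address attributes and nothing records why. A short comment on the guard, such as `/* dev can be NULL when no peer entry exists; skip persistent group lookup */`, plus a `p2p_dbg()` line in an else branch would make that path visible when debugging. The guard also covers only this one dereference. The body of p2p_build_prov_disc_resp() starts and ends outside the hunk, so any other `dev->` access in the function needs the same check. Separately, `intended_addr` has no initializer in the visible declaration and is read by `is_zero_ether_addr()` after the callback, which presumably relies on get_persistent_group() always filling it when it returns non-zero; that contract is worth stating in the callback's documentation.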
It is possible that p2p_build_prov_disc_resp() is called with a NULL device entry, which might be dereferenced when calling p2p->cfg->get_persistent_group(). Fix this by checking the device pointer before accessing it. Signed-off-by: Ilan Peer <ilan.peer@intel.com> --- src/p2p/p2p_pd.c | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-)