D-Bus: Fix P2P GroupStarted signal not to use uninitialized IP buffer

wpas_p2p_completed() used wpa_sm_get_p2p_ip_addr() return value properly
for filling in the ip_addr[] string only if the IP addresses got
assigned, but the raw ip[] array was passed to
wpas_dbus_signal_p2p_group_started() regardless of whether the IP
addresses were assigned. This could result in using uninitialized stack
memory for constructing the GroupStarted signal values. Fix this by
filling those in only if the IP addresses are actually available.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Jouni Malinen 2019-04-15 20:27:52 +03:00 committed by Jouni Malinen
parent 6541b9dbe7
commit 2e70e807c8

@ -7215,7 +7215,7 @@ void wpas_p2p_completed(struct wpa_supplicant *wpa_s)
u8 go_dev_addr[ETH_ALEN];
int persistent;
int freq;
u8 ip[3 * 4];
u8 ip[3 * 4], *ip_ptr = NULL;
char ip_addr[100];
if (ssid == NULL || ssid->mode != WPAS_MODE_P2P_GROUP_FORMATION) {
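Review bot: In the declaration `u8 ip[3 * 4], *ip_ptr = NULL;`, ip[] itself is still left uninitialized, so any later code in this function that reads ip directly instead of ip_ptr would reintroduce the same use of uninitialized stack memory. Consider zeroing the array where it is declared as defense in depth. Declaring the pointer on its own line (and as const, if the callee's prototype allows it) would also read more clearly than mixing an array and a pointer declarator in one statement.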
@ -7262,6 +7262,7 @@ void wpas_p2p_completed(struct wpa_supplicant *wpa_s)
ip[8], ip[9], ip[10], ip[11]);
if (os_snprintf_error(sizeof(ip_addr), res))
ip_addr[0] = '\0';
ip_ptr = ip;
}
wpas_p2p_group_started(wpa_s, 0, ssid, freq,
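Review bot: `ip_ptr = ip;` directly follows a braceless `if (os_snprintf_error(sizeof(ip_addr), res))`, so a later edit could easily pull it under that error check or move it out of the enclosing block. A blank line before the assignment and a short comment stating that ip_ptr stays NULL when no IP addresses were assigned would make the invariant explicit.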
@ -7274,7 +7275,7 @@ void wpas_p2p_completed(struct wpa_supplicant *wpa_s)
wpas_p2p_store_persistent_group(wpa_s->p2pdev,
ssid, go_dev_addr);
wpas_notify_p2p_group_started(wpa_s, ssid, persistent, 1, ip);
wpas_notify_p2p_group_started(wpa_s, ssid, persistent, 1, ip_ptr);
}
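Review bot: wpas_notify_p2p_group_started() now receives NULL as its last argument whenever no IP addresses were assigned, and nothing in this patch shows the callee or wpas_dbus_signal_p2p_group_started() handling that case. Please confirm that both check for NULL before dereferencing, and document the "NULL means no IP addresses" contract at the function's declaration.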