mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 18:28:23 -05:00
Fix wpa_supplicant AP mode P2P IE handling if P2P is disabled
If P2P support is included in wpa_supplicant build (CONFIG_P2P=y), but P2P functionality is explicitly disabled (e.g., "P2P_SET disabled 1"), couple of AP management frame processing steps did not check against hapd->p2p_group being NULL and could end up dereferencing a NULL pointer if a Probe Request frame or (Re)Association Request frame was received with a P2P IE in it. Fix this by skipping these steps if hapd->p2p_group is NULL. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
92acb40a2b
commit
4f6cd3f426
@ -731,7 +731,7 @@ void handle_probe_req(struct hostapd_data *hapd,
|
||||
}
|
||||
|
||||
#ifdef CONFIG_P2P
|
||||
if (hapd->p2p && elems.wps_ie) {
|
||||
if (hapd->p2p && hapd->p2p_group && elems.wps_ie) {
|
||||
struct wpabuf *wps;
|
||||
wps = ieee802_11_vendor_ie_concat(ie, ie_len, WPS_DEV_OUI_WFA);
|
||||
if (wps && !p2p_group_match_dev_type(hapd->p2p_group, wps)) {
|
||||
@ -744,7 +744,7 @@ void handle_probe_req(struct hostapd_data *hapd,
|
||||
wpabuf_free(wps);
|
||||
}
|
||||
|
||||
if (hapd->p2p && elems.p2p) {
|
||||
if (hapd->p2p && hapd->p2p_group && elems.p2p) {
|
||||
struct wpabuf *p2p;
|
||||
p2p = ieee802_11_vendor_ie_concat(ie, ie_len, P2P_IE_VENDOR_TYPE);
|
||||
if (p2p && !p2p_group_match_dev_id(hapd->p2p_group, p2p)) {
|
||||
|
@ -1737,7 +1737,7 @@ static void send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
|
||||
#endif /* CONFIG_WPS */
|
||||
|
||||
#ifdef CONFIG_P2P
|
||||
if (sta->p2p_ie) {
|
||||
if (sta->p2p_ie && hapd->p2p_group) {
|
||||
struct wpabuf *p2p_resp_ie;
|
||||
enum p2p_status_code status;
|
||||
switch (status_code) {
|
||||
|
Loading…
Reference in New Issue
Block a user