From 0a0c38f63d825b352deb819b32a0fb1203eb936c Mon Sep 17 00:00:00 2001
From: Masashi Honma
Date: Sat, 11 Aug 2012 17:46:58 +0300
Subject: [PATCH] Do not proceed with association if get_bssid() returns failure
This is the normal flow for association:
wpa_supplicant <--(EVENT_ASSOC event )-- device driver
wpa_supplicant --( get_bssid() )--> device driver
wpa_supplicant <--( return BSSID )-- device driver
However, a device driver could return EINVAL for get_bssid() because it recognizes it has already been disconnected. When the wpa_supplicant received EINVAL, the bssid field could be used uninitialized in the following flow:
wpa_supplicant <--(EVENT_ASSOC event )-- device driver
device driver (receive deauth)
wpa_supplicant --( get_bssid() )--> device driver
wpa_supplicant <--( return EINVAL )-- device driver
Prevent this by requiring the get_bssid() call to succeed when processing association events.
---
 wpa_supplicant/events.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 3b52f2d44..8f401504c 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -1524,9 +1524,15 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
 if (data && wpa_supplicant_event_associnfo(wpa_s, data) < 0)
 return;

+ if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
+ wpa_dbg(wpa_s, MSG_ERROR, "Failed to get BSSID");
+ wpa_supplicant_disassociate(
+ wpa_s, WLAN_REASON_DEAUTH_LEAVING);
+ return;
+ }
+
 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATED);
- if (wpa_drv_get_bssid(wpa_s, bssid) >= 0 &&
- os_memcmp(bssid, wpa_s->bssid, ETH_ALEN) != 0) {
+ if (os_memcmp(bssid, wpa_s->bssid, ETH_ALEN) != 0) {
 wpa_dbg(wpa_s, MSG_DEBUG, "Associated to a new BSS: BSSID="
 MACSTR, MAC2STR(bssid));
 random_add_randomness(bssid, ETH_ALEN);
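Review bot: The new early-return guard on `wpa_drv_get_bssid()` carries no comment saying why a failed call must abort the association event, so a later refactor could fold the check back into the `os_memcmp()` condition and bring back reads of an unset `bssid[]`. I would add above the `if`: `/* The driver can drop the link between EVENT_ASSOC and get_bssid(); bssid[] is unset on failure and must not be compared, logged or passed to random_add_randomness(). */`. The failure path also runs after `wpa_supplicant_event_associnfo()` has already been called and before the state is set to WPA_ASSOCIATED; whether `wpa_supplicant_disassociate()` undoes whatever that call stored is not visible here and is worth confirming. The body of wpa_supplicant_event_assoc() starts and ends outside the hunk.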