From 414f23d8b930095c96b752cc920c4a69bd35d5a3 Mon Sep 17 00:00:00 2001
From: Eytan Lifshitz <eytan.lifshitz@intel.com>
Date: Sun, 18 Jan 2015 23:56:43 -0500
Subject: [PATCH] Avoid NULL string in printf on EAP method names in
 authenticator

In ieee802_1x_decapsulate_radius(), eap_server_get_name() may return
NULL, and it could be dereferenced depending on printf implementation.
Change it to return "unknown" instead for the case of no matching EAP
method found. This makes it easier for the callers to simply print this
in logs (which is the only use for this function).

Signed-off-by: Eytan Lifshitz <eytan.lifshitz@intel.com>
---
 src/ap/ieee802_1x.c                 | 14 ++++----------
 src/eap_server/eap_server_methods.c |  4 ++--
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index f11a405d1..9d257cc3c 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -1211,15 +1211,11 @@ static void ieee802_1x_decapsulate_radius(struct hostapd_data *hapd,
 		if (eap_type >= 0)
 			sm->eap_type_authsrv = eap_type;
 		os_snprintf(buf, sizeof(buf), "EAP-Request-%s (%d)",
-			    eap_type >= 0 ? eap_server_get_name(0, eap_type) :
-			    "??",
-			    eap_type);
+			    eap_server_get_name(0, eap_type), eap_type);
 		break;
 	case EAP_CODE_RESPONSE:
 		os_snprintf(buf, sizeof(buf), "EAP Response-%s (%d)",
-			    eap_type >= 0 ? eap_server_get_name(0, eap_type) :
-			    "??",
-			    eap_type);
+			    eap_server_get_name(0, eap_type), eap_type);
 		break;
 	case EAP_CODE_SUCCESS:
 		os_strlcpy(buf, "EAP Success", sizeof(buf));
@@ -2502,10 +2498,8 @@ int ieee802_1x_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
 	ret = os_snprintf(buf + len, buflen - len,
 			  "last_eap_type_as=%d (%s)\n"
 			  "last_eap_type_sta=%d (%s)\n",
-			  sm->eap_type_authsrv,
-			  name1 ? name1 : "",
-			  sm->eap_type_supp,
-			  name2 ? name2 : "");
+			  sm->eap_type_authsrv, name1,
+			  sm->eap_type_supp, name2);
 	if (os_snprintf_error(buflen - len, ret))
 		return len;
 	len += ret;
diff --git a/src/eap_server/eap_server_methods.c b/src/eap_server/eap_server_methods.c
index 0209fad63..9e9dc934e 100644
--- a/src/eap_server/eap_server_methods.c
+++ b/src/eap_server/eap_server_methods.c
@@ -153,7 +153,7 @@ void eap_server_unregister_methods(void)
  * eap_server_get_name - Get EAP method name for the given EAP type
  * @vendor: EAP Vendor-Id (0 = IETF)
  * @type: EAP method type
- * Returns: EAP method name, e.g., TLS, or %NULL if not found
+ * Returns: EAP method name, e.g., TLS, or "unknown" if not found
  *
  * This function maps EAP type numbers into EAP type names based on the list of
  * EAP methods included in the build.
@@ -167,5 +167,5 @@ const char * eap_server_get_name(int vendor, EapType type)
 		if (m->vendor == vendor && m->method == type)
 			return m->name;
 	}
-	return NULL;
+	return "unknown";
 }