From 572f1ead196a88b16375c25b743c76459a97272d Mon Sep 17 00:00:00 2001
From: Ilan Peer
Date: Thu, 8 Oct 2015 12:35:56 +0300
Subject: [PATCH] P2PS: Fix possible NULL pointer dereference in PD exchange

It is possible that p2p_build_prov_disc_resp() is called with a NULL device entry, which might be dereferenced when calling p2p->cfg->get_persistent_group() for the P2PS with persistent group case. Fix this by checking the device pointer before accessing it.

Signed-off-by: Ilan Peer
---
 src/p2p/p2p_pd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c
index 6363e3609..166d0dac1 100644
--- a/src/p2p/p2p_pd.c
+++ b/src/p2p/p2p_pd.c
@@ -301,7 +301,7 @@ static struct wpabuf * p2p_build_prov_disc_resp(struct p2p_data *p2p,
 group_capab);
 p2p_buf_add_device_info(buf, p2p, NULL);
- if (persist_ssid && p2p->cfg->get_persistent_group &&
+ if (persist_ssid && p2p->cfg->get_persistent_group && dev &&
 (status == P2P_SC_SUCCESS || status == P2P_SC_SUCCESS_DEFERRED)) {
 u8 ssid[SSID_MAX_LEN];
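Review bot: With the added `dev &&` guard, a request that carries `persist_ssid` and ends in `P2P_SC_SUCCESS` or `P2P_SC_SUCCESS_DEFERRED` now skips this branch silently when `dev` is NULL, so the response still reports success but is built without whatever the branch adds (presumably the persistent group information, judging by the commit message). Because this response is built during a PD exchange with a peer, the condition deserves a comment saying when `dev` can be NULL and why skipping is acceptable, e.g. `/* dev may be NULL here; the persistent group lookup dereferences it, so skip */`. A debug-level log on the skipped path would also make the case visible in traces. The body of p2p_build_prov_disc_resp() starts and ends outside the hunk, so any other use of `dev` in the function cannot be checked from here and should be confirmed to carry the same guard.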