From 608b0ff52a9533d067c30cead6ed881bd593e006 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 30 Nov 2014 15:46:09 +0200
Subject: [PATCH] mesh: Check for initialization failures

It is possible that these location ended up getting called before mesh startup operations had been completed and that could result in dereferencing NULL pointers. Address those error cases by verifying that the needed parameters are available before using them.

Signed-off-by: Jouni Malinen
---
 wpa_supplicant/mesh_mpm.c | 7 ++++++-
 wpa_supplicant/mesh_rsn.c | 6 ++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/wpa_supplicant/mesh_mpm.c b/wpa_supplicant/mesh_mpm.c
index 2e5afd96c..3b931f83f 100644
--- a/wpa_supplicant/mesh_mpm.c
+++ b/wpa_supplicant/mesh_mpm.c
@@ -310,9 +310,14 @@ static void mesh_mpm_send_plink_action(struct wpa_supplicant *wpa_s,
 wpabuf_put_le16(buf, sta->peer_lid);
 if (type == PLINK_CLOSE)
 wpabuf_put_le16(buf, close_reason);
- if (ampe)
+ if (ampe) {
+ if (sta->sae == NULL) {
+ wpa_msg(wpa_s, MSG_INFO, "Mesh MPM: no SAE session");
+ goto fail;
+ }
 mesh_rsn_get_pmkid(wpa_s->mesh_rsn, sta,
 wpabuf_put(buf, PMKID_LEN));
+ }
 
 #ifdef CONFIG_IEEE80211N
 if (type != PLINK_CLOSE &&
diff --git a/wpa_supplicant/mesh_rsn.c b/wpa_supplicant/mesh_rsn.c
index 4ee3431dc..8354aade0 100644
--- a/wpa_supplicant/mesh_rsn.c
+++ b/wpa_supplicant/mesh_rsn.c
@@ -329,6 +329,12 @@ int mesh_rsn_auth_sae_sta(struct wpa_supplicant *wpa_s,
 struct wpabuf *buf;
 unsigned int rnd;
 
+ if (!ssid) {
+ wpa_msg(wpa_s, MSG_DEBUG,
+ "AUTH: No current_ssid known to initiate new SAE");
+ return -1;
+ }
+
 if (!sta->sae) {
 sta->sae = os_zalloc(sizeof(*sta->sae));
 if (sta->sae == NULL)
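Review bot: The new guard inside `if (ampe)` in `mesh_mpm_send_plink_action()` covers `sta->sae`, but the same call still passes `wpa_s->mesh_rsn` to `mesh_rsn_get_pmkid()` unchecked, and the commit message describes exactly the case where mesh startup has not completed. If that pointer can also be unset on this path (not visible in the hunk), extending the condition to `if (sta->sae == NULL || wpa_s->mesh_rsn == NULL) {` would close the same class of NULL dereference. Because the function returns `void`, the caller cannot tell that the frame was dropped, so a short comment such as `/* AMPE needs the PMKID from the SAE session; drop the frame if SAE has not run yet */` above the check would help the next reader. The `fail` label and the rest of the function lie outside the hunk, so the release of `buf` on this new exit path cannot be confirmed from here.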
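Review bot: The `!ssid` early return added to `mesh_rsn_auth_sae_sta()` logs at `MSG_DEBUG`, whereas the parallel guard this commit adds in mesh_mpm.c logs at `MSG_INFO`, so at normal verbosity a peer whose SAE exchange never starts would presumably leave no trace for an operator. Consider `wpa_msg(wpa_s, MSG_INFO, "Mesh RSN: No current_ssid known to initiate new SAE");` so both failure paths are visible at the same level and carry a mesh-specific prefix rather than the generic `AUTH:`. The `-1` return only helps if every caller checks it, which cannot be confirmed here: the function starts before the hunk and continues after it, and the declaration of `ssid` is also outside the visible lines.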