Avoid NULL dereference in ieee802_1x_get_mib_sta() printf
In function ieee802_1x_get_mib_sta(), eap_server_get_name() may return NULL, and it could be dereferenced immidiately by os_snprintf() (if the snprintf implementation does not handle NULL pointer). Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
This commit is contained in:
parent
97efe70b60
commit
6ceb95c950
1 changed files with 6 additions and 2 deletions
|
@ -1953,6 +1953,8 @@ int ieee802_1x_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
int len = 0, ret;
|
int len = 0, ret;
|
||||||
struct eapol_state_machine *sm = sta->eapol_sm;
|
struct eapol_state_machine *sm = sta->eapol_sm;
|
||||||
struct os_reltime diff;
|
struct os_reltime diff;
|
||||||
|
const char *name1;
|
||||||
|
const char *name2;
|
||||||
|
|
||||||
if (sm == NULL)
|
if (sm == NULL)
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -2088,13 +2090,15 @@ int ieee802_1x_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
return len;
|
return len;
|
||||||
len += ret;
|
len += ret;
|
||||||
|
|
||||||
|
name1 = eap_server_get_name(0, sm->eap_type_authsrv);
|
||||||
|
name2 = eap_server_get_name(0, sm->eap_type_supp);
|
||||||
ret = os_snprintf(buf + len, buflen - len,
|
ret = os_snprintf(buf + len, buflen - len,
|
||||||
"last_eap_type_as=%d (%s)\n"
|
"last_eap_type_as=%d (%s)\n"
|
||||||
"last_eap_type_sta=%d (%s)\n",
|
"last_eap_type_sta=%d (%s)\n",
|
||||||
sm->eap_type_authsrv,
|
sm->eap_type_authsrv,
|
||||||
eap_server_get_name(0, sm->eap_type_authsrv),
|
name1 ? name1 : "",
|
||||||
sm->eap_type_supp,
|
sm->eap_type_supp,
|
||||||
eap_server_get_name(0, sm->eap_type_supp));
|
name2 ? name2 : "");
|
||||||
if (ret < 0 || (size_t) ret >= buflen - len)
|
if (ret < 0 || (size_t) ret >= buflen - len)
|
||||||
return len;
|
return len;
|
||||||
len += ret;
|
len += ret;
|
||||||
|
|
Loading…
Reference in a new issue