From 84bb12aa6da3c8a1ea8f30352999000aa72fc41a Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 5 Feb 2017 16:40:15 +0200
Subject: [PATCH] FILS: Fix send_assoc_resp() HLP extension to cover sta == NULL
Commit 91d91abf6f9bf420643a9245b63f5ac8c6bbb18a ('FILS: DHCP relay for HLP requests') added steps that are conditional on sta->fils_hlp_resp being non-NULL. One of these cases within send_assoc_resp() was properly protected from sta == NULL error case (that is now possible after a recent DMG change), but the first one was not. A DMG error case in a CONFIG_FILS=y build could have hit a NULL pointer dereference here. Fix this by verifying sta != NULL more consistently.
Signed-off-by: Jouni Malinen
---
 src/ap/ieee802_11.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index d9bc976e3..d060cfad8 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -2274,7 +2274,7 @@ static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
 buflen = sizeof(struct ieee80211_mgmt) + 1024;
 #ifdef CONFIG_FILS
- if (sta->fils_hlp_resp)
+ if (sta && sta->fils_hlp_resp)
 buflen += wpabuf_len(sta->fils_hlp_resp);
 #endif /* CONFIG_FILS */
 buf = os_zalloc(buflen);
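Review bot: The new `sta && sta->fils_hlp_resp` guard at the buflen computation carries no comment saying that `sta` may legitimately be NULL in send_assoc_resp(), so a later edit can reintroduce the same NULL dereference. I would add a comment above the `#ifdef CONFIG_FILS` block, for example `/* sta may be NULL on error paths (e.g., DMG); check before any sta-> access */`. The function body starts and ends outside this hunk, so the remaining `sta->` uses cannot be checked from here. The commit message says the second FILS HLP case is already guarded, but the other dereferences are worth confirming in review, since a NULL dereference here would presumably crash the AP process while it handles an association exchange.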