FILS: Fix send_assoc_resp() HLP extension to cover sta == NULL

Commit 91d91abf6f ('FILS: DHCP relay for
HLP requests') added steps that are conditional on sta->fils_hlp_resp
being non-NULL. One of these cases within send_assoc_resp() was properly
protected from sta == NULL error case (that is now possible after a
recent DMG change), but the first one was not. A DMG error case in a
CONFIG_FILS=y build could have hit a NULL pointer dereference here. Fix
this by verifying sta != NULL more consistently.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 2017-02-05 16:40:15 +02:00
parent 1fb4437c80
commit 84bb12aa6d

@ -2274,7 +2274,7 @@ static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
buflen = sizeof(struct ieee80211_mgmt) + 1024;
#ifdef CONFIG_FILS
if (sta->fils_hlp_resp)
if (sta && sta->fils_hlp_resp)
buflen += wpabuf_len(sta->fils_hlp_resp);
#endif /* CONFIG_FILS */
buf = os_zalloc(buflen);
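
Review bot: The `sta && sta->fils_hlp_resp` test in the `buflen` computation now repeats a guard that, per the commit message, already exists at a second site later in send_assoc_resp(), and keeping two hand-written copies is how the first one came to miss the NULL check. Consider evaluating the condition once into a local at the start of the function (for example a hypothetical `hlp_resp = sta ? sta->fils_hlp_resp : NULL`) and using that at both CONFIG_FILS sites. A short comment at the function head stating that `sta` may be NULL on the DMG error path would also help anyone adding further `sta->` accesses here.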