From 87775e32f684ece761d7c927ffeae1ab7295ce89 Mon Sep 17 00:00:00 2001 From: Zhaoyang Liu Date: Thu, 5 Mar 2020 11:25:00 +0800 Subject: [PATCH] Fix segmentation fault for NULL confname in SAVE_CONFIG When wpa_supplicant interface is added without a configuration file, the SAVE_CONFIG command causes a segmentation fault due to referencing a NULL pointer if the update_config parameter is first explicitly enabled. Fix the issue by checking the confname for NULL before saving configuration. Signed-off-by: Jouni Malinen --- wpa_supplicant/config_file.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c index 4c37b61a0..b8e56f5b2 100644 --- a/wpa_supplicant/config_file.c +++ b/wpa_supplicant/config_file.c @@ -1612,9 +1612,16 @@ int wpa_config_write(const char *name, struct wpa_config *config) #endif /* CONFIG_NO_CONFIG_BLOBS */ int ret = 0; const char *orig_name = name; - int tmp_len = os_strlen(name) + 5; /* allow space for .tmp suffix */ - char *tmp_name = os_malloc(tmp_len); + int tmp_len; + char *tmp_name; + if (!name) { + wpa_printf(MSG_ERROR, "No configuration file for writing"); + return -1; + } + + tmp_len = os_strlen(name) + 5; /* allow space for .tmp suffix */ + tmp_name = os_malloc(tmp_len); if (tmp_name) { os_snprintf(tmp_name, tmp_len, "%s.tmp", name); name = tmp_name;