From dd895e99647a2caa99d86231901bdcd81a4813fa Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Mon, 30 Nov 2015 01:25:24 +0200 Subject: [PATCH] P2P: Make p2p_go_configured() more robust against unexpected calls A hwsim test sequence was able to hit a SIGSEGV in p2p_go_save_group_common_freqs() called by p2p_go_configured() callback in a case where a non-P2P AP mode operation is started in wpa_supplicant (wpas_ap_wep test case). This callback should not have happened for non-P2P case and the debug logs did not make it clear how this could happen. In addition, it is unclear how this could be reproduced. To avoid this type of issues, clear the wpa_s->ap_configured_cb pointer as soon as the first call to the function happens. In addition, verify that wpa_s->go_params is available before processing the GO configured callback. Signed-off-by: Jouni Malinen --- wpa_supplicant/p2p_supplicant.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c index c290a4e3f..a60ae6e67 100644 --- a/wpa_supplicant/p2p_supplicant.c +++ b/wpa_supplicant/p2p_supplicant.c @@ -1748,6 +1748,15 @@ static void p2p_go_configured(void *ctx, void *data) struct wpa_ssid *ssid; int network_id = -1; + wpa_s->ap_configured_cb = NULL; + wpa_s->ap_configured_cb_ctx = NULL; + wpa_s->ap_configured_cb_data = NULL; + if (!wpa_s->go_params) { + wpa_printf(MSG_ERROR, + "P2P: p2p_go_configured() called with wpa_s->go_params == NULL"); + return; + } + p2p_go_save_group_common_freqs(wpa_s, params); p2p_go_dump_common_freqs(wpa_s);
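Review bot: The new guard in p2p_go_configured() tests wpa_s->go_params, but the call that follows it, p2p_go_save_group_common_freqs(wpa_s, params), is passed the local params, whose declaration and initialisation are above the visible context. If params is taken from the data argument rather than from wpa_s->go_params, the check does not cover the pointer that is actually handed on, so a stale or NULL data value would still get past it. Consider testing params as well (for example "if (!wpa_s->go_params || !params)"), or add a comment stating why the two are guaranteed to match. Separately, the three assignments that clear ap_configured_cb, ap_configured_cb_ctx and ap_configured_cb_data at the top of the function would benefit from a one-line comment saying they make the callback one-shot, since the commit message notes the triggering sequence was not understood and the next reader will have only the code to go on.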