UBSan: Fix RRM beacon processing attempt without scan_info

Some driver interfaces (e.g., wext) might not include the
data->scan_info information and data could be NULL here. Do not try to
call the RRM handler in this case since that would dereference the NULL
pointer when determining where scan_info is located and could
potentially result in trying to read from unexpected location if RRM is
enabled with a driver interface that does not support it.

events.c:1907:59: runtime error: member access within null pointer of type 'union wpa_event_data'

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2019-02-23 12:59:10 +02:00
parent 01d01a311c
commit e3b5bd81bd

View file

@ -1,6 +1,6 @@
/* /*
* WPA Supplicant - Driver event processing * WPA Supplicant - Driver event processing
* Copyright (c) 2003-2017, Jouni Malinen <j@w1.fi> * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
* *
* This software may be distributed under the terms of the BSD license. * This software may be distributed under the terms of the BSD license.
* See README for more details. * See README for more details.
@ -1903,7 +1903,7 @@ static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s,
if (sme_proc_obss_scan(wpa_s) > 0) if (sme_proc_obss_scan(wpa_s) > 0)
goto scan_work_done; goto scan_work_done;
if (own_request && if (own_request && data &&
wpas_beacon_rep_scan_process(wpa_s, scan_res, &data->scan_info) > 0) wpas_beacon_rep_scan_process(wpa_s, scan_res, &data->scan_info) > 0)
goto scan_work_done; goto scan_work_done;