DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

FILS: Check for potential NULL return

Browse source 
hostapd_eid_assoc_fils_session() might return NULL if memory allocation
fails. This NULL value then will be used for invalid calculation and
cause unspecified behavior or be dereferenced unexpectedly. Avoid this
with an explicit check of the returned pointer.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
This commit is contained in:
Chenming Huang 2024-07-16 15:27:19 +08:00 committed by Jouni Malinen
parent 376adfea8d
commit 13648dde91
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/ap/drv_callbacks.c
View file

@ -73,6 +73,8 @@ void hostapd_notify_assoc_fils_finish(struct hostapd_data *hapd,
p = hostapd_eid_assoc_fils_session(sta->wpa_sm, p, p = hostapd_eid_assoc_fils_session(sta->wpa_sm, p,
elems.fils_session, elems.fils_session,
sta->fils_hlp_resp); sta->fils_hlp_resp);
if (!p)
return;
reply_res = hostapd_sta_assoc(hapd, sta->addr, reply_res = hostapd_sta_assoc(hapd, sta->addr,
sta->fils_pending_assoc_is_reassoc, sta->fils_pending_assoc_is_reassoc,
@ -777,6 +779,9 @@ skip_wpa_check:
p = hostapd_eid_assoc_fils_session(sta->wpa_sm, p, p = hostapd_eid_assoc_fils_session(sta->wpa_sm, p,
elems.fils_session, elems.fils_session,
sta->fils_hlp_resp); sta->fils_hlp_resp);
if (!p)
goto fail;
wpa_hexdump(MSG_DEBUG, "FILS Assoc Resp BUF (IEs)", wpa_hexdump(MSG_DEBUG, "FILS Assoc Resp BUF (IEs)",
buf, p - buf); buf, p - buf);
} }