DPP: Avoid a potential use-after-free on an error path in AP
The TX status handler for DPP Authentication Confirm message might have resulted in use-after-free if the start of a GAS query were to fail, e.g., due to being somehow unable to transmit the initial request. Avoid this by explicitly confirming that the authentication session was not removed. Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
32940c7a44
commit
1c90c8d24e
1 changed files with 8 additions and 1 deletions
|
|
@ -539,8 +539,15 @@ void hostapd_dpp_tx_status(struct hostapd_data *hapd, const u8 *dst,
|
|||
return;
|
||||
}
|
||||
|
||||
if (hapd->dpp_auth_ok_on_ack)
|
||||
if (hapd->dpp_auth_ok_on_ack) {
|
||||
hostapd_dpp_auth_success(hapd, 1);
|
||||
if (!hapd->dpp_auth) {
|
||||
/* The authentication session could have been removed in
|
||||
* some error cases, e.g., when starting GAS client and
|
||||
* failing to send the initial request. */
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (!is_broadcast_ether_addr(dst) && !ok) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue