From 4ed10754e8747085ec8f116cc5e0ed7d0aaae7f7 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 21 Mar 2021 11:47:39 +0200
Subject: [PATCH] DPP: Fix GAS client error case handling in hostapd

The GAS client processing of the response callback for DPP did not
properly check for GAS query success. This could result in trying to
check the Advertisement Protocol information in failure cases where that
information is not available and that would have resulted in
dereferencing a NULL pointer. Fix this by checking the GAS query result
before processing with processing of the response.

This is similar to the earlier wpa_supplicant fix in commit 931f7ff65609
("DPP: Fix GAS client error case handling").

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/ap/dpp_hostapd.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index 6e44bdadf..aaeb94c2f 100644
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -915,7 +915,8 @@ static void hostapd_dpp_gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token,
 		wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
 		return;
 	}
-	if (!resp || status_code != WLAN_STATUS_SUCCESS) {
+	if (result != GAS_QUERY_AP_SUCCESS ||
+	    !resp || status_code != WLAN_STATUS_SUCCESS) {
 		wpa_printf(MSG_DEBUG, "DPP: GAS query did not succeed");
 		goto fail;
 	}