IBSS RSN: Check explicitly that WPA auth sm assoc call succeeded

Verify that association processing did not end up freeing the state
machine. This should not really happen in practice, but better verify
it anyway.

src/ap/wpa_auth.c

@@ -493,26 +493,25 @@ wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr)
 }
 
 
-void wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
-			     struct wpa_state_machine *sm)
+int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
+			    struct wpa_state_machine *sm)
 {
 	if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
-		return;
+		return -1;
 
 #ifdef CONFIG_IEEE80211R
 	if (sm->ft_completed) {
 		wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
 				"FT authentication already completed - do not "
 				"start 4-way handshake");
-		return;
+		return 0;
 	}
 #endif /* CONFIG_IEEE80211R */
 
 	if (sm->started) {
 		os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
 		sm->ReAuthenticationRequest = TRUE;
-		wpa_sm_step(sm);
-		return;
+		return wpa_sm_step(sm);
 	}
 
 	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
@@ -521,10 +520,10 @@ void wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
 
 	sm->Init = TRUE;
 	if (wpa_sm_step(sm) == 1)
-		return; /* should not really happen */
+		return 1; /* should not really happen */
 	sm->Init = FALSE;
 	sm->AuthenticationRequest = TRUE;
-	wpa_sm_step(sm);
+	return wpa_sm_step(sm);
 }
 
 
@@ -1178,12 +1177,12 @@ void wpa_remove_ptk(struct wpa_state_machine *sm)
 }
 
 
-void wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
+int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
 {
 	int remove_ptk = 1;
 
 	if (sm == NULL)
-		return;
+		return -1;
 
 	wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
 			 "event %d notification", event);
@@ -1213,7 +1212,7 @@ void wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
 #ifdef CONFIG_IEEE80211R
 		/* Using FT protocol, not WPA auth state machine */
 		sm->ft_completed = 1;
-		return;
+		return 0;
 #else /* CONFIG_IEEE80211R */
 		break;
 #endif /* CONFIG_IEEE80211R */
@@ -1236,7 +1235,7 @@ void wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
 			wpa_remove_ptk(sm);
 	}
 
-	wpa_sm_step(sm);
+	return wpa_sm_step(sm);
 }
 
 

src/ap/wpa_auth.h

@@ -219,8 +219,8 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
 int wpa_auth_uses_mfp(struct wpa_state_machine *sm);
 struct wpa_state_machine *
 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr);
-void wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
-			     struct wpa_state_machine *sm);
+int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
+			    struct wpa_state_machine *sm);
 void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm);
 void wpa_auth_sta_deinit(struct wpa_state_machine *sm);
 void wpa_receive(struct wpa_authenticator *wpa_auth,
@@ -231,7 +231,7 @@ typedef enum {
 	WPA_REAUTH_EAPOL, WPA_ASSOC_FT
 } wpa_event;
 void wpa_remove_ptk(struct wpa_state_machine *sm);
-void wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event);
+int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event);
 void wpa_auth_sm_notify(struct wpa_state_machine *sm);
 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth);
 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen);

wpa_supplicant/ibss_rsn.c

@@ -326,9 +326,11 @@ static int ibss_rsn_auth_init(struct ibss_rsn *ibss_rsn,
 		return -1;
 	}
 
-	wpa_auth_sm_event(peer->auth, WPA_ASSOC);
+	if (wpa_auth_sm_event(peer->auth, WPA_ASSOC))
+		return -1;
 
-	wpa_auth_sta_associated(ibss_rsn->auth_group, peer->auth);
+	if (wpa_auth_sta_associated(ibss_rsn->auth_group, peer->auth))
+		return -1;
 
 	return 0;
 }