If the driver provides input on MBO transition candidate handling, the
target value in get_mbo_transition_candidate() can be NULL if the driver
provided BSSID is not found in the wpa_supplicant BSS table. And later
it would be dereferenced. Fix this by adding an explicit check before
dereferencing the pointer.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
for (i = 0; i < info->num; i++) {
target = wpa_bss_get_bssid(wpa_s,
info->candidates[i].bssid);
- if (target->level <
- wpa_s->conf->disassoc_imminent_rssi_threshold)
+ if (target &&
+ (target->level <
+ wpa_s->conf->disassoc_imminent_rssi_threshold))
continue;
goto end;
}