wpa_cli: Fix NULL dereference on printf string argument

In wpa_cli_cmd_interface(), try_connection(), and main(), ctrl_ifname
may be NULL and could be dereferenced depending on the printf()
implementation.

Signed-off-by: Eytan Lifshitz <eytan.lifshitz@intel.com>

diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c
index d2face01369ddf9f98dfad7286b038866fa7890f..79619f2dbba83352bc7d1209b092a323aaf1e02e 100644 (file)
--- a/wpa_supplicant/wpa_cli.c
+++ b/wpa_supplicant/wpa_cli.c
@@ -1577,6 +1577,10 @@ static int wpa_cli_cmd_interface(struct wpa_ctrl *ctrl, int argc, char *argv[])
        wpa_cli_close_connection();
        os_free(ctrl_ifname);
        ctrl_ifname = os_strdup(argv[0]);
+       if (!ctrl_ifname) {
+               printf("Failed to allocate memory\n");
+               return 0;
+       }
 
        if (wpa_cli_open_connection(ctrl_ifname, 1) == 0) {
                printf("Connected to interface '%s.\n", ctrl_ifname);
@@ -3743,7 +3747,8 @@ static void try_connection(void *eloop_ctx, void *timeout_ctx)
        if (!wpa_cli_open_connection(ctrl_ifname, 1) == 0) {
                if (!warning_displayed) {
                        printf("Could not connect to wpa_supplicant: "
-                              "%s - re-trying\n", ctrl_ifname);
+                              "%s - re-trying\n",
+                              ctrl_ifname ? ctrl_ifname : "(nil)");
                        warning_displayed = 1;
                }
                eloop_register_timeout(1, 0, try_connection, NULL, NULL);
@@ -4004,7 +4009,8 @@ int main(int argc, char *argv[])
                    wpa_cli_open_connection(ctrl_ifname, 0) < 0) {
                        fprintf(stderr, "Failed to connect to non-global "
                                "ctrl_ifname: %s  error: %s\n",
-                               ctrl_ifname, strerror(errno));
+                               ctrl_ifname ? ctrl_ifname : "(nil)",
+                               strerror(errno));
                        return -1;
                }