D-Bus: Fix P2P GroupStarted signal not to use uninitialized IP buffer
authorJouni Malinen <jouni@codeaurora.org>
Mon, 15 Apr 2019 17:27:52 +0000 (20:27 +0300)
committerJouni Malinen <j@w1.fi>
Mon, 15 Apr 2019 17:27:52 +0000 (20:27 +0300)
wpas_p2p_completed() used wpa_sm_get_p2p_ip_addr() return value properly
for filling in the ip_addr[] string only if the IP addresses got
assigned, but the raw ip[] array was passed to
wpas_dbus_signal_p2p_group_started() regardless of whether the IP
addresses were assigned. This could result in using uninitialized stack
memory for constructing the GroupStarted signal values. Fix this by
filling those in only if the IP addresses are actually available.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
wpa_supplicant/p2p_supplicant.c

index 412903f1d6e2eaef1b7eff2393b4ee27528d6702..3f2b47b7e72d8d154159f1526554e433d2554cd1 100644 (file)
@@ -7215,7 +7215,7 @@ void wpas_p2p_completed(struct wpa_supplicant *wpa_s)
        u8 go_dev_addr[ETH_ALEN];
        int persistent;
        int freq;
-       u8 ip[3 * 4];
+       u8 ip[3 * 4], *ip_ptr = NULL;
        char ip_addr[100];
 
        if (ssid == NULL || ssid->mode != WPAS_MODE_P2P_GROUP_FORMATION) {
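Review bot: `ip[]` is still left uninitialized at the declaration, so the function is only safe as long as every consumer of the raw bytes goes through `ip_ptr` rather than `ip`, and nothing here states that invariant. I would split the combined declaration and document the pointer on its own line, e.g. `u8 *ip_ptr = NULL; /* points to ip[] only after wpa_sm_get_p2p_ip_addr() filled it */`. That also avoids mixing an array and an initialized pointer in one declarator list. The function body continues outside this hunk.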
@@ -7262,6 +7262,7 @@ void wpas_p2p_completed(struct wpa_supplicant *wpa_s)
                                  ip[8], ip[9], ip[10], ip[11]);
                if (os_snprintf_error(sizeof(ip_addr), res))
                        ip_addr[0] = '\0';
+               ip_ptr = ip;
        }
 
        wpas_p2p_group_started(wpa_s, 0, ssid, freq,
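Review bot: `ip_ptr = ip;` is executed even when the `os_snprintf_error()` branch just above has emptied `ip_addr`, and the hunk does not say whether that is deliberate. It looks correct, since the raw bytes are valid even if their text form could not be built. A one-line comment such as `/* raw ip[] is valid here even if formatting ip_addr failed */` would keep a later edit from moving the assignment under the error check or outside the block. The enclosing `if` starts outside this hunk, so the guarding condition is inferred from the commit message rather than from visible lines.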
@@ -7274,7 +7275,7 @@ void wpas_p2p_completed(struct wpa_supplicant *wpa_s)
                wpas_p2p_store_persistent_group(wpa_s->p2pdev,
                                                ssid, go_dev_addr);
 
-       wpas_notify_p2p_group_started(wpa_s, ssid, persistent, 1, ip);
+       wpas_notify_p2p_group_started(wpa_s, ssid, persistent, 1, ip_ptr);
 }
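Review bot: The last argument of `wpas_notify_p2p_group_started()` can now be NULL, and nothing in this diff shows the notify and D-Bus path checking for NULL before reading the 12 octets. It is worth confirming that `wpas_dbus_signal_p2p_group_started()` (named in the commit message) omits the IP entries from the GroupStarted signal when it receives NULL instead of dereferencing it. The contract should also be recorded where the parameter is documented, for example `@ip: IP address info (3 * 4 octets) or %NULL if no address was assigned`. The callee is not part of this page, so this is a request to verify, not a confirmed defect.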