DPP: Discard DPP Action frame in AP mode if no global DPP context

For AP mode in wpa_supplicant, e.g., for P2P GO interfaces, the global
DPP context does not exist support DPP functionality and this could
result in dereferencing a NULL pointer in wpa_supplicant if an
unexpected frame is received. Discard the received DPP Action frames in
such cases instead of trying to process them.

Fixes: e00f780e2bdd ("DPP2: hostapd as TCP Relay")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index 3dc463992544f0986ccc208b9302ec85ae09ae29..3725a294d5e74860c98b1b89db34239abc9c5bcc 100644 (file)
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -2958,6 +2958,10 @@ void hostapd_dpp_rx_action(struct hostapd_data *hapd, const u8 *src,
        const u8 *hdr;
        unsigned int pkex_t;
 
+       /* Discard DPP Action frames if there is no global DPP context */
+       if (!hapd->iface->interfaces || !hapd->iface->interfaces->dpp)
+               return;
+
        if (len < DPP_HDR_LEN)
                return;
        if (WPA_GET_BE24(buf) != OUI_WFA || buf[3] != DPP_OUI_TYPE)