WNM: Fix potential NULL pointer dereference during assoc response handling

In the send_assoc_resp() function, there’s a chance that the sta
argument could be NULL. Therefore, it’s crucial not to directly
dereference sta without first checking whether it’s a valid pointer.
However, commit 58ac46baf7b0 (“WNM: AP configuration to allow BSS max
idle period requests”) introduces direct dereferencing of max idle
period from sta, which might lead to a NULL pointer dereference. Fix
this now.

Fixes: 58ac46baf7b0 ("WNM: AP configuration to allow BSS max idle period requests")
Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index c0e5cff5a00578ec12f6442fae5f52725823bac9..5e484641a6e4602dfa6570eb171f00bfc575272b 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -5014,7 +5014,8 @@ static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
 #endif /* CONFIG_IEEE80211AX */
 
        p = hostapd_eid_ext_capab(hapd, p, false);
-       p = hostapd_eid_bss_max_idle_period(hapd, p, sta->max_idle_period);
+       p = hostapd_eid_bss_max_idle_period(hapd, p,
+                                           sta ? sta->max_idle_period : 0);
        if (sta && sta->qos_map_enabled)
                p = hostapd_eid_qos_map_set(hapd, p);