From: Jouni Malinen
Date: Fri, 1 Jan 2016 15:12:43 +0000 (+0200)
Subject: Fix wpa_supplicant AP mode P2P IE handling if P2P is disabled
X-Git-Tag: hostap_2_6~1045
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4f6cd3f4262467d2d736f72fbf163e6338dda064;p=thirdparty%2Fhostap.git
Fix wpa_supplicant AP mode P2P IE handling if P2P is disabled
If P2P support is included in wpa_supplicant build (CONFIG_P2P=y), but P2P functionality is explicitly disabled (e.g., "P2P_SET disabled 1"), couple of AP management frame processing steps did not check against hapd->p2p_group being NULL and could end up dereferencing a NULL pointer if a Probe Request frame or (Re)Association Request frame was received with a P2P IE in it. Fix this by skipping these steps if hapd->p2p_group is NULL.
Signed-off-by: Jouni Malinen
---
diff --git a/src/ap/beacon.c b/src/ap/beacon.c
index 9490e210f..3276d12c2 100644
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -731,7 +731,7 @@ void handle_probe_req(struct hostapd_data *hapd,
 }
 #ifdef CONFIG_P2P
- if (hapd->p2p && elems.wps_ie) {
+ if (hapd->p2p && hapd->p2p_group && elems.wps_ie) {
 struct wpabuf *wps;
 wps = ieee802_11_vendor_ie_concat(ie, ie_len, WPS_DEV_OUI_WFA);
 if (wps && !p2p_group_match_dev_type(hapd->p2p_group, wps)) {
@@ -744,7 +744,7 @@ void handle_probe_req(struct hostapd_data *hapd,
 wpabuf_free(wps);
 }
- if (hapd->p2p && elems.p2p) {
+ if (hapd->p2p && hapd->p2p_group && elems.p2p) {
 struct wpabuf *p2p;
 p2p = ieee802_11_vendor_ie_concat(ie, ie_len, P2P_IE_VENDOR_TYPE);
 if (p2p && !p2p_group_match_dev_id(hapd->p2p_group, p2p)) {
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 54cd698aa..ec6f8a76b 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
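Review bot: The two new `hapd->p2p_group` guards in handle_probe_req() (src/ap/beacon.c) carry no comment explaining why `hapd->p2p` can be set while `hapd->p2p_group` is NULL, and this path is driven by received Probe Request frames, so the precondition is worth stating in the code. I would add above the first guard `/* p2p_group is NULL when P2P is disabled at runtime (e.g., "P2P_SET disabled 1"); skip P2P filtering */`; the same applies to the `elems.p2p` guard in the second hunk. With the group absent, both the Requested Device Type and the Device ID matching are skipped, which looks intended but should be confirmed. handle_probe_req() starts and ends outside both hunks, so any other use of `hapd->p2p_group` in it is not visible here.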
@@ -1737,7 +1737,7 @@ static void send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
 #endif /* CONFIG_WPS */
 #ifdef CONFIG_P2P
- if (sta->p2p_ie) {
+ if (sta->p2p_ie && hapd->p2p_group) {
 struct wpabuf *p2p_resp_ie;
 enum p2p_status_code status;
 switch (status_code) {
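Review bot: This guard tests only `hapd->p2p_group`, while the two guards added to handle_probe_req() in src/ap/beacon.c test `hapd->p2p && hapd->p2p_group`; the three sites should use the same condition. If a non-NULL `p2p_group` already implies `hapd->p2p` (not visible here), the extra test in beacon.c is redundant; if it does not, this line would read `if (sta->p2p_ie && hapd->p2p && hapd->p2p_group) {`. The use of `hapd->p2p_group` that the check protects lies below the `switch`, outside the hunk, as does the rest of send_assoc_resp().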