From: Eytan Lifshitz
Date: Mon, 10 Feb 2014 10:55:09 +0000 (+0200)
Subject: Avoid NULL dereference in ieee802_1x_get_mib_sta() printf
X-Git-Tag: hostap_2_2~866
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6ceb95c950f195322858f7c5dee69b6ab26f31a3;p=thirdparty%2Fhostap.git
Avoid NULL dereference in ieee802_1x_get_mib_sta() printf
In function ieee802_1x_get_mib_sta(), eap_server_get_name() may return NULL, and it could be dereferenced immidiately by os_snprintf() (if the snprintf implementation does not handle NULL pointer).
Signed-hostap: Eytan Lifshitz
---
diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index 49b30e41c..21f815af2 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -1953,6 +1953,8 @@ int ieee802_1x_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
 int len = 0, ret;
 struct eapol_state_machine *sm = sta->eapol_sm;
 struct os_reltime diff;
+ const char *name1;
+ const char *name2;
 if (sm == NULL)
 return 0;
@@ -2088,13 +2090,15 @@ int ieee802_1x_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
 return len;
 len += ret;
+ name1 = eap_server_get_name(0, sm->eap_type_authsrv);
+ name2 = eap_server_get_name(0, sm->eap_type_supp);
 ret = os_snprintf(buf + len, buflen - len,
 "last_eap_type_as=%d (%s)\n"
 "last_eap_type_sta=%d (%s)\n",
 sm->eap_type_authsrv,
- eap_server_get_name(0, sm->eap_type_authsrv),
+ name1 ? name1 : "",
 sm->eap_type_supp,
- eap_server_get_name(0, sm->eap_type_supp));
+ name2 ? name2 : "");
 if (ret < 0 || (size_t) ret >= buflen - len)
 return len;
 len += ret;
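Review bot: The new locals `name1` and `name2` (declared in the first hunk, assigned in the second) do not say which peer each one describes, and nothing at the lookups records why the guard is there. Names such as `as_name` and `sta_name` would match the `last_eap_type_as` / `last_eap_type_sta` keys they feed, and a one-line comment above the two assignments would keep the guard from being "simplified" away later, e.g. `/* eap_server_get_name() may return NULL; passing NULL to %s is undefined */`. The guard covers only this os_snprintf() call; any other place that hands eap_server_get_name() straight to a `%s` conversion is not visible in this diff and would presumably need the same treatment. The body of ieee802_1x_get_mib_sta() starts and ends outside both hunks.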