From: Jouni Malinen Date: Mon, 16 Jun 2014 22:55:36 +0000 (+0300) Subject: TDLS: Fix TPK M1 error case (CID 68214) X-Git-Tag: hostap_2_3~267 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7efc7f66b1d63b3bbb99d9176f6f68c4d1fc6327;p=thirdparty%2Fhostap.git TDLS: Fix TPK M1 error case (CID 68214) Commit 342bce63cdb375bc64ce1cbcdb9e6f48acdea1e3 introduced a possibility of a NULL pointer dereference on the error path if a new peer entry fails to get added (i.e., memory allocation failure). Fix that by skipping the wpa_tdls_peer_free() call if necessary. Signed-off-by: Jouni Malinen
---
diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
index 14139ba9e..59ed2c92d 100644
--- a/src/rsn_supp/tdls.c
+++ b/src/rsn_supp/tdls.c
@@ -1920,7 +1920,8 @@ skip_rsn_check:
 error:
 wpa_tdls_send_error(sm, src_addr, WLAN_TDLS_SETUP_RESPONSE, dtoken, status);
- wpa_tdls_peer_free(sm, peer);
+ if (peer)
+ wpa_tdls_peer_free(sm, peer);
 return -1;
 }
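Review bot: The NULL guard added before `wpa_tdls_peer_free(sm, peer)` at the `error:` label protects only this call site, so any other path that reaches the free after a failed peer allocation would still dereference NULL. This path appears to run while handling a received TPK M1, so a crash here would be a denial-of-service condition under memory pressure. A short comment such as `/* peer is NULL if adding the new peer entry failed */` would keep the guard from being removed later as redundant. It may be more robust to make wpa_tdls_peer_free() itself return early on a NULL peer, as free() does; its body is not visible here, so that is something to check rather than a confirmed gap. The enclosing function starts outside the hunk.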