From: Hu Wang Date: Mon, 6 Jan 2025 03:23:41 +0000 (-0800) Subject: DPP: Discard DPP Action frame in AP mode if no global DPP context X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9cb7b0bcea5cdbddb49e05ca4b917a4b3bd39b2e;p=thirdparty%2Fhostap.git DPP: Discard DPP Action frame in AP mode if no global DPP context For AP mode in wpa_supplicant, e.g., for P2P GO interfaces, the global DPP context does not exist support DPP functionality and this could result in dereferencing a NULL pointer in wpa_supplicant if an unexpected frame is received. Discard the received DPP Action frames in such cases instead of trying to process them. Fixes: e00f780e2bdd ("DPP2: hostapd as TCP Relay") Signed-off-by: Jouni Malinen --- diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c index 3dc463992..3725a294d 100644 --- a/src/ap/dpp_hostapd.c +++ b/src/ap/dpp_hostapd.c @@ -2958,6 +2958,10 @@ void hostapd_dpp_rx_action(struct hostapd_data *hapd, const u8 *src, const u8 *hdr; unsigned int pkex_t; + /* Discard DPP Action frames if there is no global DPP context */ + if (!hapd->iface->interfaces || !hapd->iface->interfaces->dpp) + return; + if (len < DPP_HDR_LEN) return; if (WPA_GET_BE24(buf) != OUI_WFA || buf[3] != DPP_OUI_TYPE)
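Review bot: The new early return at the top of hostapd_dpp_rx_action() discards the frame silently, so on an interface without a global DPP context (the P2P GO case from the commit message) nothing in the debug log shows that a DPP Action frame arrived and was dropped. Consider logging a debug-level message that includes src before the return, which makes unexpected DPP frames from a peer visible during troubleshooting and in incident review. The condition checks both hapd->iface->interfaces and hapd->iface->interfaces->dpp, which matches the NULL dereference described in the message. Because the hunk guards only this one receive function, the commit message should say whether other DPP receive paths in AP mode can reach the global context without an equivalent check, or whether this is the only entry point affected.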