From: Jouni Malinen <j@w1.fi>
Date: Mon, 30 Dec 2024 16:31:21 +0000 (+0200)
Subject: WNM: A more explicit check for a connection
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9e04dac3c04c1969f6e72aea430bd00d465f0faa;p=thirdparty%2Fhostap.git

WNM: A more explicit check for a connection

wnm_scan_process() was only implicitly verifying that there is an
association based on wpa_s->wnm_dialog_token having been set. While that
may be sufficient for normal uses within wpa_supplicant, this was not
covered in a separate WNM fuzzer. Add an explicit check for
wpa_s->current_ssid to be set within wnm_scan_process() to avoid
unexpected behavior if something were to allow wnm_dialog_token to be
set when not actually associated.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
index 946f8c96b..187da1133 100644
--- a/wpa_supplicant/wnm_sta.c
+++ b/wpa_supplicant/wnm_sta.c
@@ -1011,7 +1011,7 @@ int wnm_scan_process(struct wpa_supplicant *wpa_s, bool pre_scan_check)
 		MBO_TRANSITION_REJECT_REASON_UNSPECIFIED;
 	struct wpa_ssid *selected_ssid = NULL;
 
-	if (!wpa_s->wnm_dialog_token)
+	if (!ssid || !wpa_s->wnm_dialog_token)
 		return 0;
 
 	wpa_dbg(wpa_s, MSG_DEBUG,