hello Beniamino,

On Tue, Oct 1, 2019 at 10:46 AM Beniamino Galvani <bgalvani@xxxxxxxxxx> wrote:
>
> On Wed, Sep 25, 2019 at 07:22:43PM +0200, Davide Caratti wrote:
> > when the P2P management interface is deleted, P2P is then disabled and
> > global->p2p_init_wpa_s is set to NULL. After that, other interfaces can
> > still trigger P2P functions (like wpas_p2p_find()) using d-bus. This
> > makes wpa_supplicant terminate with SIGSEGV, because it dereferences a
> > NULL pointer: fix this adding proper checks, like it's done with wpa_cli.
> >
> > CC: Beniamino Galvani <bgalvani@xxxxxxxxxx>
> > CC: Benjamin Berg <benjamin@xxxxxxxxxxxxxxxx>
> > Reported-by: Vladimir Benes <vbenes@xxxxxxxxxx>
> > Signed-off-by: Davide Caratti <davide.caratti@xxxxxxxxx>
> > ---
> > wpa_supplicant/dbus/dbus_new_handlers_p2p.c | 66 ++++++++++++++++++++-
> > 1 file changed, 65 insertions(+), 1 deletion(-)
> > [...]
> > @@ -145,6 +169,10 @@ DBusMessage * wpas_dbus_handler_p2p_find(DBusMessage *message,
> > }
> >
> > wpa_s = wpa_s->global->p2p_init_wpa_s;
> > + if (!wpa_s) {
> > + reply = wpas_dbus_error_no_p2p_mgmt_iface(message);
> > + goto error;
> > + }
>
> The reply is overwritten in the error label, so either return directly
> here (freeing req_dev_types) or add a new label.

thanks for spotting this, it was unintended :-)
sure, I will fix it and send a v2.

-- 
davide

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
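Review bot: In the wpas_dbus_handler_p2p_find hunk, the new `if (!wpa_s)` branch sets `reply` and then does `goto error`, which, as the review reply points out, leads to a label that overwrites `reply`, so the D-Bus caller would not receive the wpas_dbus_error_no_p2p_mgmt_iface() error this branch is meant to return. The check also runs after `wpa_s` has been reassigned from `global->p2p_init_wpa_s`, so `wpa_s` is NULL inside the branch and whatever cleanup path it takes must not touch it. Suggest a separate label that only frees req_dev_types and returns `reply`, or freeing req_dev_types and returning directly from the branch. The diffstat shows 65 insertions in dbus_new_handlers_p2p.c while only this hunk is quoted, so the other handlers that received the same check are worth going over for the same `goto error` pattern in v2.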