From: Benjamin Berg <benjamin.berg@xxxxxxxxx>
The dialog token must be non-zero. We are using this fact internally to
track the state in some cases, so ensure that the assumption is valid.
Signed-off-by: Benjamin Berg <benjamin.berg@xxxxxxxxx>
---
wpa_supplicant/wnm_sta.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
index 4a3fd5eb1..f0cbf914c 100644
--- a/wpa_supplicant/wnm_sta.c
+++ b/wpa_supplicant/wnm_sta.c
@@ -1347,6 +1347,12 @@ static void ieee802_11_rx_bss_trans_mgmt_req(struct wpa_supplicant *wpa_s,
wpa_s->wnm_dialog_token, wpa_s->wnm_mode,
wpa_s->wnm_dissoc_timer, valid_int);
+ if (!wpa_s->wnm_dialog_token) {
+ wpa_printf(MSG_DEBUG, "WNM: invalid dialog token");
+ wnm_btm_reset(wpa_s);
+ return;
+ }
+
#if defined(CONFIG_MBO) && defined(CONFIG_TESTING_OPTIONS)
if (wpa_s->reject_btm_req_reason) {
wpa_printf(MSG_INFO,
--
2.44.0
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
