[PATCH 4/7] wpa_supplicant: fix null pointer dereference, and unneeded null check.
Ilan Peer
ilan.peer
Mon Feb 10 02:55:06 PST 2014
From: Eytan Lifshitz <eytan.lifshitz at intel.com>
1. In void send_assoc_resp(), sta is checked for null, although
it can't be null.
2. In hostapd_logger_cb(), module_str is checked for NULL, and then
dereferenced anyway.
Signed-hostap: Eytan Lifshitz <eytan.lifshitz at intel.com>
---
hostapd/main.c | 3 ++-
src/ap/ieee802_11.c | 3 +--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/hostapd/main.c b/hostapd/main.c
index 5a1b0a9..cd73511 100644
--- a/hostapd/main.c
+++ b/hostapd/main.c
@@ -91,7 +91,8 @@ static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module,
if (hapd && hapd->conf && addr)
os_snprintf(format, maxlen, "%s: STA " MACSTR "%s%s: %s",
hapd->conf->iface, MAC2STR(addr),
- module_str ? " " : "", module_str, txt);
+ module_str ? " " : "", module_str ? module_str : "",
+ txt);
else if (hapd && hapd->conf)
os_snprintf(format, maxlen, "%s:%s%s %s",
hapd->conf->iface, module_str ? " " : "",
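Review bot: The `else if (hapd && hapd->conf)` branch that closes this hunk uses the same `module_str ? " " : ""` guard as the call just fixed, and its remaining arguments fall outside the hunk. If that call, or any later branch of hostapd_logger_cb(), still passes `module_str` directly to a `%s` conversion, a NULL module string reaches the formatter there as well, which is undefined behaviour for printf-style functions. The same `module_str ? module_str : ""` argument should be applied in every branch of the chain so the fix does not depend on which of `hapd`, `hapd->conf` and `addr` happen to be set.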
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 0f67883..9dc50ce 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -1127,8 +1127,7 @@ static void send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
reply->u.assoc_resp.capab_info =
host_to_le16(hostapd_own_capab_info(hapd, sta, 0));
reply->u.assoc_resp.status_code = host_to_le16(status_code);
- reply->u.assoc_resp.aid = host_to_le16((sta ? sta->aid : 0)
- | BIT(14) | BIT(15));
+ reply->u.assoc_resp.aid = host_to_le16(sta->aid | BIT(14) | BIT(15));
/* Supported rates */
p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable);
/* Extended supported rates */
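Review bot: The new `sta->aid` read in the aid assignment is unconditional, so send_assoc_resp() now relies on every caller passing a non-NULL `sta`, and nothing in the hunk states or enforces that. The call sites are outside this hunk, so the commit message's claim that `sta` cannot be NULL cannot be confirmed from here. I would record the precondition at the function header, for example `/* sta must not be NULL */`, so that a later caller reusing this function for a rejection reply without a station entry does not introduce a NULL dereference in management-frame handling. The function begins before and continues after the hunk.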
--
1.7.10.4