[PATCH 2/7] TDLS: bail on STA add failure in tpk_m1 processing
Jouni Malinen
Mon Jun 16 16:00:26 PDT 2014
On Tue, Jun 10, 2014 at 09:19:05PM +0300, Ilan Peer wrote:
> From: Arik Nemtsov <arik at wizery.com>
> The driver might not be able to add the TDLS STA. Fail if this happens.
> Also fix the error path to always reset the TDLS peer data.
> diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
> index c08d2f9..e712a4d 100644
> --- a/src/rsn_supp/tdls.c
> +++ b/src/rsn_supp/tdls.c
> @@ -1919,6 +1920,7 @@ skip_rsn_check:
> error:
> wpa_tdls_send_error(sm, src_addr, WLAN_TDLS_SETUP_RESPONSE, dtoken,
> status);
> + wpa_tdls_peer_free(sm, peer);
> return -1;
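Review bot: the added wpa_tdls_peer_free(sm, peer) under the error: label runs on every goto error, including any taken before peer has been looked up or allocated, and nothing in this hunk checks that peer is non-NULL before it is passed on. Unless wpa_tdls_peer_free() itself tolerates a NULL peer, guard the call at the label, for example "if (peer) wpa_tdls_peer_free(sm, peer);", and make sure peer is initialized to NULL at its declaration so the early error paths are well defined.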
I should have noticed that before pushing the commits, but well, didn't.
Thankfully static analyzers are more alert at this hour, so this got
fixed quickly. That's a NULL pointer dereference on peer if the first
goto error case is hit (unlikely, but possible).
--
Jouni Malinen PGP id EFC895FA