[PATCH 2/7] TDLS: bail on STA add failure in tpk_m1 processing
Arik Nemtsov
arik
Mon Jun 16 23:28:59 PDT 2014
On Tue, Jun 17, 2014 at 2:00 AM, Jouni Malinen <j at w1.fi> wrote:
> On Tue, Jun 10, 2014 at 09:19:05PM +0300, Ilan Peer wrote:
>> From: Arik Nemtsov <arik at wizery.com>
>> The driver might not be able to add the TDLS STA. Fail if this happens.
>> Also fix the error path to always reset the TDLS peer data.
>
>> diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
>> index c08d2f9..e712a4d 100644
>> --- a/src/rsn_supp/tdls.c
>> +++ b/src/rsn_supp/tdls.c
>> @@ -1919,6 +1920,7 @@ skip_rsn_check:
>> error:
>> wpa_tdls_send_error(sm, src_addr, WLAN_TDLS_SETUP_RESPONSE, dtoken,
>> status);
>> + wpa_tdls_peer_free(sm, peer);
>> return -1;
>
> I should have noticed that before pushing the commits, but well, didn't.
> Thankfully static analyzers are more alert at this hour, so this got
> fixed quickly.. That's a NULL pointer dereference on peer if the first
> goto error case is hit (unlikely, but possible).
Right. Thanks.
Looking at the patch again made me realized I forgot to handle the
wpa_sm_tdls_peer_addset call where we initiate the connection. I'll
fix it.
I also have some more patches in the pipe for QoS/HT TDLS with mac80211.
Arik
More information about the Hostap
mailing list