wpa_supplicant ap mode crash

Jouni Malinen j at w1.fi
Fri Jan 1 07:22:10 PST 2016


On Wed, Dec 30, 2015 at 10:21:52AM -0600, David Friberg wrote:
> Happens when I try to connect to my AP from a Windows machine.  Seems
> a null check here may be needed?  Connection seems to work ok with the
> patch below.

>  struct wpabuf * p2p_group_assoc_resp_ie(struct p2p_group *group, u8 status)
>  {
>   struct wpabuf *resp;
>   u8 *rlen;
>   size_t extra = 0;
> 
> - if (group == NULL)
> - return NULL;
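Review bot: the two lines carrying the check (`- if (group == NULL)` / `- return NULL;`) are marked `-`, which as a diff means they are being removed, while the cover text says a NULL check needs to be added; if the intent is to add the check, these should be `+` lines, and the hunk should carry its `@@` header and the file name so it can be applied with `patch` or `git am`. Note also that a guard inside p2p_group_assoc_resp_ie() only covers this one call path; since the NULL comes from hapd->p2p_group being left unset when P2P is disabled at runtime, checking at the call sites covers the other places that dereference that pointer as well.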

The group argument here is hapd->p2p_group and by default, that would
actually be initialized by wpa_supplicant. It looks like this will be
left NULL in case P2P support is disabled at runtime (e.g., with
"P2P_SET disabled 1"). I found a couple of other places where a similar
NULL pointer dereference can happen if P2P is disabled at runtime. I'll
fix these in the caller functions, but the effect of that is practically
identical to the change here.

-- 
Jouni Malinen                                            PGP id EFC895FA
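The NULL-guard pattern under discussion (a feature disabled at runtime leaves hapd->p2p_group NULL, and any code that still reaches the IE builder must not dereference it), as an added C example that is not hostap's code: the struct layouts, the IE buffer, and the functions `build_assoc_resp_ie`, `append_assoc_resp_ies`, `p2p_set_disabled` and `demo_appended_len` are simplified stand-ins constructed for this example, not wpa_supplicant's actual API. It shows both the callee-side guard from the quoted patch and the caller-side guard the reply prefers, driven through a modelled "P2P_SET disabled 1".

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for hostap's structs; field names are hypothetical. */
struct p2p_group {
    uint8_t num_members;          /* number of P2P clients in the group */
};

struct hostapd_data {
    int p2p_enabled;              /* cleared by the modelled "P2P_SET disabled 1" */
    struct p2p_group *p2p_group;  /* left NULL when P2P is disabled at runtime */
};

/* Minimal IE buffer: a length plus a small payload. */
struct ie_buf {
    size_t len;
    uint8_t data[16];
};

/* Callee-side guard (the approach in the quoted patch): the builder itself
 * tolerates a NULL group instead of dereferencing it. */
struct ie_buf *build_assoc_resp_ie(const struct p2p_group *group, uint8_t status)
{
    struct ie_buf *resp;

    if (group == NULL)
        return NULL;
    resp = calloc(1, sizeof(*resp));
    if (resp == NULL)
        return NULL;
    resp->data[0] = status;
    resp->data[1] = group->num_members;
    resp->len = 2;
    return resp;
}

/* Caller-side guard (the approach the reply prefers): the call site checks
 * hapd->p2p_group before asking for a P2P IE at all, so every path that
 * would dereference the pointer is covered in one place. Returns the number
 * of bytes appended to out. */
size_t append_assoc_resp_ies(struct hostapd_data *hapd, uint8_t status,
                             uint8_t *out, size_t out_len)
{
    size_t n = 0;
    struct ie_buf *p2p_ie;

    if (hapd->p2p_group == NULL)
        return 0;                 /* P2P disabled at runtime: no P2P IE */

    p2p_ie = build_assoc_resp_ie(hapd->p2p_group, status);
    if (p2p_ie == NULL)
        return 0;
    if (p2p_ie->len <= out_len) {
        memcpy(out, p2p_ie->data, p2p_ie->len);
        n = p2p_ie->len;
    }
    free(p2p_ie);
    return n;
}

/* Models "P2P_SET disabled 1": tears down the group and leaves the pointer
 * NULL, which is the state that produced the crash in the thread. */
void p2p_set_disabled(struct hostapd_data *hapd, int disabled)
{
    hapd->p2p_enabled = !disabled;
    if (disabled) {
        free(hapd->p2p_group);
        hapd->p2p_group = NULL;
    }
}

/* Drives an association response with P2P enabled (disable_p2p == 0) or
 * disabled at runtime (disable_p2p != 0); returns bytes appended, -1 on OOM. */
int demo_appended_len(int disable_p2p)
{
    struct hostapd_data hapd = { 1, NULL };
    struct p2p_group *g = calloc(1, sizeof(*g));
    uint8_t out[16];
    size_t n;

    if (g == NULL)
        return -1;
    g->num_members = 3;
    hapd.p2p_group = g;
    if (disable_p2p)
        p2p_set_disabled(&hapd, 1);   /* frees g; hapd.p2p_group is now NULL */
    n = append_assoc_resp_ies(&hapd, 0, out, sizeof(out));
    if (!disable_p2p)
        free(g);
    return (int)n;
}

int main(void)
{
    printf("P2P enabled:  %d bytes appended\n", demo_appended_len(0));
    printf("P2P disabled: %d bytes appended (no crash)\n", demo_appended_len(1));
    return 0;
}
```

Both guards are kept in the example on purpose: the callee-side check stops this one function from crashing, while the caller-side check is what keeps every other consumer of hapd->p2p_group from reaching a NULL dereference once the feature has been switched off at runtime.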



More information about the Hostap mailing list