[PATCH] hostapd: Fix crash setting global configurator params on chirp rx

Jouni Malinen j at w1.fi
Wed Oct 7 16:33:36 EDT 2020

On Wed, Sep 16, 2020 at 09:51:40PM +0000, Andrew Beltrano wrote:
> When a presence announcement frame is received, a check is done to
> ensure an ongoing auth is not in progress (!hapd->dpp_auth). A new dpp
> auth is then initialized, however, when setting global configurator
> params for it, the hapd->dpp_auth pointer is used which was earlier
> confirmed as NULL, causing a crash in dpp_set_configurator params when
> the pointer is dereferenced.
> This only occurs when there are global DPP configurator params to be set
> and the peer has no overriding configurator params. If no global dpp
> configurator params exist, the call to dpp_set_configurator exits early
> and the problem is not observed.
> Fix by using the newly init'ed dpp auth structure for setting global
> dpp configurator params.

Thanks, applied.
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list