[PATCH 12/16] WNM: Reject requests with an invalid dialog token

benjamin at sipsolutions.net benjamin at sipsolutions.net
Mon Apr 29 04:51:53 PDT 2024


From: Benjamin Berg <benjamin.berg at intel.com>

The dialog token must be non-zero. We are using this fact internally to
track the state in some cases, so ensure that the assumption is valid.

Signed-off-by: Benjamin Berg <benjamin.berg at intel.com>
---
 wpa_supplicant/wnm_sta.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
index 4a3fd5eb1..f0cbf914c 100644
--- a/wpa_supplicant/wnm_sta.c
+++ b/wpa_supplicant/wnm_sta.c
@@ -1347,6 +1347,12 @@ static void ieee802_11_rx_bss_trans_mgmt_req(struct wpa_supplicant *wpa_s,
 		   wpa_s->wnm_dialog_token, wpa_s->wnm_mode,
 		   wpa_s->wnm_dissoc_timer, valid_int);
 
+	if (!wpa_s->wnm_dialog_token) {
+		wpa_printf(MSG_DEBUG, "WNM: invalid dialog token");
+		wnm_btm_reset(wpa_s);
+		return;
+	}
+
 #if defined(CONFIG_MBO) && defined(CONFIG_TESTING_OPTIONS)
 	if (wpa_s->reject_btm_req_reason) {
 		wpa_printf(MSG_INFO,
-- 
2.44.0




More information about the Hostap mailing list