aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2010-01-01 21:38:51 (GMT)
committerJouni Malinen <j@w1.fi>2010-01-01 21:42:41 (GMT)
commitacaa76a65b363bf4c6e55935420cf50d00c95964 (patch)
treeafd812d7643faa8d2c54d602eb5cba129507a718
parentbc71535ddfd8dc8946655cbbc3c0e1c18d6b4d09 (diff)
downloadhostap-06-acaa76a65b363bf4c6e55935420cf50d00c95964.zip
hostap-06-acaa76a65b363bf4c6e55935420cf50d00c95964.tar.gz
hostap-06-acaa76a65b363bf4c6e55935420cf50d00c95964.tar.bz2
WPS: Fix Probe Request processing to handle missing attribute
WPS IE parsing for PBC mode did not check whether the UUID-E attribute was included before dereferencing the pointer. This could result in the AP crashing when processing and invalid Probe Request frame.
-rw-r--r--src/wps/wps_registrar.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index 67b4620..f34c9e9 100644
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -709,6 +709,11 @@ void wps_registrar_probe_req_rx(struct wps_registrar *reg, const u8 *addr,
wpa_printf(MSG_DEBUG, "WPS: Probe Request for PBC received from "
MACSTR, MAC2STR(addr));
+ if (attr.uuid_e == NULL) {
+ wpa_printf(MSG_DEBUG, "WPS: Invalid Probe Request WPS IE: No "
+ "UUID-E included");
+ return;
+ }
wps_registrar_add_pbc_session(reg, addr, attr.uuid_e);
if (wps_registrar_pbc_overlap(reg, addr, attr.uuid_e)) {