aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/dbus/dbus_old_handlers.c
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2015-04-29 10:13:34 (GMT)
committerJouni Malinen <j@w1.fi>2015-04-29 17:42:25 (GMT)
commit8a78e227df1ead19be8e12a4108e448887e64d6f (patch)
tree323221db427eb0bb3f5fd9c64284f59425fbb15d /wpa_supplicant/dbus/dbus_old_handlers.c
parentdea0d8ee295983358e300c84af006bfbd79c5500 (diff)
downloadhostap-8a78e227df1ead19be8e12a4108e448887e64d6f.zip
hostap-8a78e227df1ead19be8e12a4108e448887e64d6f.tar.gz
hostap-8a78e227df1ead19be8e12a4108e448887e64d6f.tar.bz2
D-Bus: Fix operations when P2P management interface is used
Commit 21efc940f6e7f07b84b7e5c5867f3d81594c4fb0 ('wpa_supplicant: Do not register a P2P management interface on DBus') hides the special P2P management interface from D-Bus. However, it did not take into account the possibility of wpa_s->dbus_path and wpa_s->dbus_new_path being NULL in such cases on number of code paths within the D-Bus handlers. This could result in invalid arguments (NULL path) being provided to D-Bus functions (mainly, dbus_message_iter_append_basic) and NULL pointer dereference when iterating over all interfaces. Either of these could make wpa_supplicant process terminate. Fix this by explicitly checking that the interface-specific D-Bus path has been registered before using it anywhere with D-Bus handlers. In addition, find the correct wpa_s instance to fix P2P operations through D-Bus when the P2P Device interface is used. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'wpa_supplicant/dbus/dbus_old_handlers.c')
-rw-r--r--wpa_supplicant/dbus/dbus_old_handlers.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/wpa_supplicant/dbus/dbus_old_handlers.c b/wpa_supplicant/dbus/dbus_old_handlers.c
index 773ee8b..0ffa1be 100644
--- a/wpa_supplicant/dbus/dbus_old_handlers.c
+++ b/wpa_supplicant/dbus/dbus_old_handlers.c
@@ -166,7 +166,7 @@ DBusMessage * wpas_dbus_global_add_interface(DBusMessage *message,
iface.bridge_ifname = bridge_ifname;
/* Otherwise, have wpa_supplicant attach to it. */
wpa_s = wpa_supplicant_add_iface(global, &iface, NULL);
- if (wpa_s) {
+ if (wpa_s && wpa_s->dbus_path) {
const char *path = wpa_s->dbus_path;
reply = dbus_message_new_method_return(message);
@@ -262,7 +262,7 @@ DBusMessage * wpas_dbus_global_get_interface(DBusMessage *message,
}
wpa_s = wpa_supplicant_get_iface(global, ifname);
- if (wpa_s == NULL) {
+ if (wpa_s == NULL || !wpa_s->dbus_path) {
reply = wpas_dbus_new_invalid_iface_error(message);
goto out;
}
@@ -354,6 +354,11 @@ DBusMessage * wpas_dbus_iface_scan_results(DBusMessage *message,
DBusMessageIter sub_iter;
struct wpa_bss *bss;
+ if (!wpa_s->dbus_path)
+ return dbus_message_new_error(message,
+ WPAS_ERROR_INTERNAL_ERROR,
+ "no D-Bus interface available");
+
/* Create and initialize the return message */
reply = dbus_message_new_method_return(message);
dbus_message_iter_init_append(reply, &iter);
@@ -708,10 +713,11 @@ DBusMessage * wpas_dbus_iface_add_network(DBusMessage *message,
struct wpa_supplicant *wpa_s)
{
DBusMessage *reply = NULL;
- struct wpa_ssid *ssid;
+ struct wpa_ssid *ssid = NULL;
char path_buf[WPAS_DBUS_OBJECT_PATH_MAX], *path = path_buf;
- ssid = wpa_config_add_network(wpa_s->conf);
+ if (wpa_s->dbus_path)
+ ssid = wpa_config_add_network(wpa_s->conf);
if (ssid == NULL) {
reply = dbus_message_new_error(
message, WPAS_ERROR_ADD_NETWORK_ERROR,
@@ -769,7 +775,7 @@ DBusMessage * wpas_dbus_iface_remove_network(DBusMessage *message,
}
/* Ensure the network is actually a child of this interface */
- if (os_strcmp(iface, wpa_s->dbus_path) != 0) {
+ if (!wpa_s->dbus_path || os_strcmp(iface, wpa_s->dbus_path) != 0) {
reply = wpas_dbus_new_invalid_network_error(message);
goto out;
}
@@ -1020,7 +1026,7 @@ DBusMessage * wpas_dbus_iface_select_network(DBusMessage *message,
goto out;
}
/* Ensure the object path really points to this interface */
- if (network == NULL ||
+ if (network == NULL || !wpa_s->dbus_path ||
os_strcmp(iface_obj_path, wpa_s->dbus_path) != 0) {
reply = wpas_dbus_new_invalid_network_error(message);
goto out;