aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/events.c
diff options
context:
space:
mode:
authorMasashi Honma <masashi.honma@gmail.com>2012-08-11 14:46:58 (GMT)
committerJouni Malinen <j@w1.fi>2012-08-11 14:46:58 (GMT)
commit0a0c38f63d825b352deb819b32a0fb1203eb936c (patch)
tree899e3dce53b38b0d1a62abf7404e5b56ef3f0b53 /wpa_supplicant/events.c
parentb6871ebb1735e86ef02d59318d790f336844e822 (diff)
downloadhostap-0a0c38f63d825b352deb819b32a0fb1203eb936c.zip
hostap-0a0c38f63d825b352deb819b32a0fb1203eb936c.tar.gz
hostap-0a0c38f63d825b352deb819b32a0fb1203eb936c.tar.bz2
Do not proceed with association if get_bssid() returns failure
This is the normal flow for association: wpa_supplicant <--(EVENT_ASSOC event )-- device driver wpa_supplicant --( get_bssid() )--> device driver wpa_supplicant <--( return BSSID )-- device driver However, a device driver could return EINVAL for get_bssid() because it recognizes it has already been disconnected. When the wpa_supplicant received EINVAL, the bssid field could be used uninitialized in the following flow: wpa_supplicant <--(EVENT_ASSOC event )-- device driver device driver (receive deauth) wpa_supplicant --( get_bssid() )--> device driver wpa_supplicant <--( return EINVAL )-- device driver Prevent this by requiring the get_bssid() call to succeed when processing association events.
Diffstat (limited to 'wpa_supplicant/events.c')
-rw-r--r--wpa_supplicant/events.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 3b52f2d..8f40150 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -1524,9 +1524,15 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
if (data && wpa_supplicant_event_associnfo(wpa_s, data) < 0)
return;
+ if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
+ wpa_dbg(wpa_s, MSG_ERROR, "Failed to get BSSID");
+ wpa_supplicant_disassociate(
+ wpa_s, WLAN_REASON_DEAUTH_LEAVING);
+ return;
+ }
+
wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATED);
- if (wpa_drv_get_bssid(wpa_s, bssid) >= 0 &&
- os_memcmp(bssid, wpa_s->bssid, ETH_ALEN) != 0) {
+ if (os_memcmp(bssid, wpa_s->bssid, ETH_ALEN) != 0) {
wpa_dbg(wpa_s, MSG_DEBUG, "Associated to a new BSS: BSSID="
MACSTR, MAC2STR(bssid));
random_add_randomness(bssid, ETH_ALEN);