path: root/wpa_supplicant
diff options
authorJouni Malinen <j@w1.fi>2019-02-23 10:59:10 (GMT)
committerJouni Malinen <j@w1.fi>2019-02-25 17:43:11 (GMT)
commite3b5bd81bdb666e13322248d18307317714bf461 (patch)
treef7e9e97c7d1f779954118580f099270e5f2d4a0c /wpa_supplicant
parent01d01a311c52d56709eaadc5ffbbe7a7d773b041 (diff)
UBSan: Fix RRM beacon processing attempt without scan_info
Some driver interfaces (e.g., wext) might not include the data->scan_info information and data could be NULL here. Do not try to call the RRM handler in this case since that would dereference the NULL pointer when determining where scan_info is located and could potentially result in trying to read from unexpected location if RRM is enabled with a driver interface that does not support it. events.c:1907:59: runtime error: member access within null pointer of type 'union wpa_event_data' Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'wpa_supplicant')
1 files changed, 2 insertions, 2 deletions
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index f2462d7..daca69c 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -1,6 +1,6 @@
* WPA Supplicant - Driver event processing
- * Copyright (c) 2003-2017, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -1903,7 +1903,7 @@ static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s,
if (sme_proc_obss_scan(wpa_s) > 0)
goto scan_work_done;
- if (own_request &&
+ if (own_request && data &&
wpas_beacon_rep_scan_process(wpa_s, scan_res, &data->scan_info) > 0)
goto scan_work_done;