mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-11-29 13:59:24 +01:00
fast_transition: fix crash by parsing RSN IE only if present
When performing a fast transition to another OPEN network the RSN element won't be there and therefore the bss->rsne is gonna be NULL. Fix crash by not accessing the rsne member when performing a fast transition to an AP that doe snot advertise any RSN IE. Crash caught with gdb: src/station.c:station_transition_start() 186, target 34:8f:27:2f:b8:fc Program received signal SIGSEGV, Segmentation fault. handshake_state_set_authenticator_ie (s=0x555555626eb0, ie=0x0) at src/handshake.c:163 163 s->authenticator_ie = l_memdup(ie, ie[1] + 2u); (gdb) bt #0 handshake_state_set_authenticator_ie (s=0x555555626eb0, ie=0x0) at src/handshake.c:163 #1 0x0000555555561a98 in fast_transition (netdev=0x55555562fbe0, target_bss=0x55555561f4a0, over_air=over_air@entry=true, cb=0x55555556d5b0 <station_fast_transition_cb>) at src/netdev.c:3164 #2 0x0000555555565dfd in netdev_fast_transition (netdev=<optimized out>, target_bss=<optimized out>, cb=<optimized out>) at src/netdev.c:3232 #3 0x000055555556ccbd in station_transition_start (bss=0x55555561f4a0, station=0x555555617da0) at src/station.c:1261 #4 station_roam_scan_notify (err=<optimized out>, bss_list=<optimized out>, userdata=0x555555617da0) at src/station.c:1444 #5 0x0000555555579560 in scan_finished (sc=0x55555562bf80, err=err@entry=0, bss_list=0x55555561bd90, sr=0x555555626b30, wiphy=<optimized out>) at src/scan.c:1234 #6 0x0000555555579620 in get_scan_done (user=0x555555618920) at src/scan.c:1264 #7 0x00005555555abd23 in destroy_request (data=0x55555561b000) at ell/genl.c:673 #8 0x00005555555ac129 in process_unicast (nlmsg=0x7fffffffc310, genl=0x55555560b7a0) at ell/genl.c:940 #9 received_data (io=<optimized out>, user_data=0x55555560b7a0) at ell/genl.c:1039 #10 0x00005555555a8aa3 in io_callback (fd=<optimized out>, events=1, user_data=0x55555560b840) at ell/io.c:126 #11 0x00005555555a7ccd in l_main_iterate (timeout=<optimized out>) at ell/main.c:473 #12 0x00005555555a7d9c in l_main_run () at ell/main.c:520 #13 l_main_run () at ell/main.c:502 #14 0x00005555555a7fac in l_main_run_with_signal (callback=<optimized out>, user_data=0x0) at ell/main.c:642 #15 0x000055555555e5b8 in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:519
This commit is contained in:
parent
c17b0ce04e
commit
8106d82b4e
@ -2903,7 +2903,8 @@ static int fast_transition(struct netdev *netdev, struct scan_bss *target_bss,
|
|||||||
handshake_state_set_authenticator_address(netdev->handshake,
|
handshake_state_set_authenticator_address(netdev->handshake,
|
||||||
target_bss->addr);
|
target_bss->addr);
|
||||||
|
|
||||||
handshake_state_set_authenticator_ie(netdev->handshake,
|
if (target_bss->rsne)
|
||||||
|
handshake_state_set_authenticator_ie(netdev->handshake,
|
||||||
target_bss->rsne);
|
target_bss->rsne);
|
||||||
memcpy(netdev->handshake->mde + 2, target_bss->mde, 3);
|
memcpy(netdev->handshake->mde + 2, target_bss->mde, 3);
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user