From 8cb61f9aae2d3230833095f795b14e1252067b3a Mon Sep 17 00:00:00 2001
From: Denis Kenzior
Date: Wed, 28 Apr 2021 11:02:20 -0500
Subject: [PATCH] diagnostic: Fix crash with Open networks

It isn't safe to return a NULL from diagnostic_akm_suite_to_security() since the value is used directly. Also, if the AKM suite is 0, this implies that the network is an Open network and not some unknown AKM.
==17982== Invalid read of size 1
==17982== at 0x483BC92: strlen (vg_replace_strmem.c:459)
==17982== by 0x47DE60: _dbus1_builder_append_basic (dbus-util.c:981)
==17982== by 0x41ACB2: dbus_append_dict_basic (dbus.c:197)
==17982== by 0x412050: station_get_diagnostic_cb (station.c:3614)
==17982== by 0x405B19: netdev_get_station_cb (netdev.c:4801)
==17982== by 0x47436E: process_unicast (genl.c:994)
==17982== by 0x47436E: received_data (genl.c:1102)
==17982== by 0x470FBB: io_callback (io.c:120)
==17982== by 0x4701DC: l_main_iterate (main.c:478)
==17982== by 0x4702AB: l_main_run (main.c:525)
==17982== by 0x4702AB: l_main_run (main.c:507)
==17982== by 0x4704BB: l_main_run_with_signal (main.c:647)
==17982== by 0x403EDB: main (main.c:490)
==17982== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==17982== Aborting (signal 11) [/home/denkenz/iwd/src/iwd]
++++++++ backtrace ++++++++
0 0x488a550 in /lib64/libc.so.6
1 0x483bc92 in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so
2 0x47de61 in _dbus1_builder_append_basic() at ell/dbus-util.c:983
3 0x41acb3 in dbus_append_dict_basic() at src/dbus.c:197
4 0x412051 in station_get_diagnostic_cb() at src/station.c:3618
5 0x405b1a in netdev_get_station_cb() at src/netdev.c:4801
---
 src/diagnostic.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/diagnostic.c b/src/diagnostic.c
index a5fa0ef2..b928c2c1 100644
--- a/src/diagnostic.c
+++ b/src/diagnostic.c
@@ -116,6 +116,9 @@ bool diagnostic_info_to_dict(const struct diagnostic_station_info *info,
 const char *diagnostic_akm_suite_to_security(enum ie_rsn_akm_suite akm,
 bool wpa)
 {
+ if (akm == 0)
+ return "Open";
+
 switch (akm) {
 case IE_RSN_AKM_SUITE_8021X:
 case IE_RSN_AKM_SUITE_8021X_SHA256:
@@ -147,6 +150,6 @@ const char *diagnostic_akm_suite_to_security(enum ie_rsn_akm_suite akm,
 case IE_RSN_AKM_SUITE_OSEN:
 return "OSEN";
 default:
- return NULL;
+ return "Unknown";
 }
 }
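Review bot: The new guard `if (akm == 0)` compares an `enum ie_rsn_akm_suite` against a bare literal, and nothing in the code records why zero means an open network; only the commit message says so. A one-line comment above the check would keep that assumption with the code, for example `/* akm is 0 when no AKM suite was negotiated, i.e. an Open network */`. If the enum has no zero-valued member (its definition is not visible here), that comment is the only place the convention is written down. The function body continues outside this hunk.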
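Review bot: With `default:` now returning "Unknown", no path visible in this patch returns NULL, but that guarantee is not stated anywhere on the function. The Valgrind trace in the commit message shows the result reaching strlen() through dbus_append_dict_basic() with no NULL check in between, so the contract matters to callers. A comment on the function such as `/* Never returns NULL; callers pass the result straight to dbus_append_dict_basic() */` would stop a later case from reintroducing the crash. The middle of the switch lies outside both hunks, so the remaining return statements should be confirmed to be string literals as well.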