Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

D-Bus: Fix GroupAdd, Invite, RemovePersistentGroup path validation

net_id_str can be NULL and that must be checked for to avoid NULL
pointer dereference if an invalid persistent_group_object path is used
with these methods.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 10 years ago
parent
ce82168b55
commit
bba40b65b0
1 changed files with 4 additions and 3 deletions
Split View Show Diff Stats
  1. 4 3
      wpa_supplicant/dbus/dbus_new_handlers_p2p.c

+ 4 - 3
wpa_supplicant/dbus/dbus_new_handlers_p2p.c
View File 

@@ -353,7 +353,7 @@ DBusMessage * wpas_dbus_handler_p2p_group_add(DBusMessage *message,
 
 		iface = wpas_dbus_new_decompose_object_path(
 
 			pg_object_path, WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART,
 
 			&net_id_str);
 
-		if (iface == NULL ||
 
+		if (iface == NULL || net_id_str == NULL ||
 
 		    os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
 
 			reply =
 
 			    wpas_dbus_error_invalid_args(message,
 
@@ -647,7 +647,7 @@ DBusMessage * wpas_dbus_handler_p2p_invite(DBusMessage *message,
 
 			pg_object_path,
 
 			WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART,
 
 			&net_id_str);
 
-		if (iface == NULL ||
 
+		if (iface == NULL || net_id_str == NULL ||
 
 		    os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
 
 			reply = wpas_dbus_error_invalid_args(message,
 
 							     pg_object_path);
 
@@ -1899,7 +1899,8 @@ DBusMessage * wpas_dbus_handler_remove_persistent_group(
 
 	iface = wpas_dbus_new_decompose_object_path(
 
 		op, WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART,
 
 		&persistent_group_id);
 
-	if (iface == NULL || os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
 
+	if (iface == NULL || persistent_group_id == NULL ||
 
+	    os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
 
 		reply = wpas_dbus_error_invalid_args(message, op);
 
 		goto out;
 
 	}