Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

MBO: Fix possible NULL pointer dereference on candidate handling

If the driver provides input on MBO transition candidate handling, the
target value in get_mbo_transition_candidate() can be NULL if the driver
provided BSSID is not found in the wpa_supplicant BSS table. And later
it would be dereferenced. Fix this by adding an explicit check before
dereferencing the pointer.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Pradeep Reddy Potteti 7 years ago
parent
01dd2b1054
commit
f2a04874cf
1 changed files with 3 additions and 2 deletions
Split View Show Diff Stats
  1. 3 2
      wpa_supplicant/wnm_sta.c

+ 3 - 2
wpa_supplicant/wnm_sta.c
View File 

@@ -581,8 +581,9 @@ get_mbo_transition_candidate(struct wpa_supplicant *wpa_s,
 
 		for (i = 0; i < info->num; i++) {
 
 			target = wpa_bss_get_bssid(wpa_s,
 
 						   info->candidates[i].bssid);
 
-			if (target->level <
 
-			    wpa_s->conf->disassoc_imminent_rssi_threshold)
 
+			if (target &&
 
+			    (target->level <
 
+			     wpa_s->conf->disassoc_imminent_rssi_threshold))
 
 				continue;
 
 			goto end;
 
 		}