Commit b6a5202e authored by Gaetan Perrot's avatar Gaetan Perrot Committed by Daniel DeGrasse
Browse files

modules: hostap: supp_api: Fix possible null deference 



Ensure 'params' is not NULL before accessing its fields.

Prevents possible null pointer dereference when calling
strlen(params->ssid).

Delay access to ssid->ssid and ssid->ssid_len until after null check.

Prevents potential crash if wpa_s->current_ssid is NULL.

Signed-off-by: default avatarGaetan Perrot <gaetan.perrot@spacecubics.com>
parent 151295f9

modules/hostap/src/supp_api.c

+12 −4
Original line number Diff line number Diff line
@@ -1291,8 +1291,8 @@ int supplicant_status(const struct device *dev, struct wifi_iface_status *status 
		struct wpa_ssid *ssid = wpa_s->current_ssid;

		u8 channel;

		struct signal_poll_resp signal_poll;

		u8 *_ssid = ssid->ssid;

		size_t ssid_len = ssid->ssid_len;

		u8 *_ssid;

		size_t ssid_len;

		struct status_resp cli_status;

		int proto;

		int key_mgmt;
@@ -1303,6 +1303,8 @@ int supplicant_status(const struct device *dev, struct wifi_iface_status *status 
			goto out;

		}



		_ssid = ssid->ssid;

		ssid_len = ssid->ssid_len;

		proto = ssid->proto;

		key_mgmt = ssid->key_mgmt;

		sae_pwe = wpa_s->conf->sae_pwe;
@@ -1493,9 +1495,15 @@ int supplicant_11k_cfg(const struct device *dev, struct wifi_11k_params *params) 


int supplicant_11k_neighbor_request(const struct device *dev, struct wifi_11k_params *params)

{

	int ssid_len = strlen(params->ssid);

	int ssid_len;



	if (params != NULL && ssid_len > 0) {

	if (params == NULL) {

		return -1;

	}



	ssid_len = strlen(params->ssid);



	if (ssid_len > 0) {

		if (ssid_len > WIFI_SSID_MAX_LEN) {

			wpa_printf(MSG_ERROR, "%s: ssid too long %u",

				   __func__, ssid_len);

CRA Git | Maintained and supported by SUSTech CRA and CCSE