mesh: Check for initialization failures
authorJouni Malinen <j@w1.fi>
Sun, 30 Nov 2014 13:46:09 +0000 (15:46 +0200)
committerJouni Malinen <j@w1.fi>
Sun, 30 Nov 2014 13:53:11 +0000 (15:53 +0200)
It is possible that these locations ended up getting called before mesh
startup operations had been completed and that could result in
dereferencing NULL pointers. Address those error cases by verifying that
the needed parameters are available before using them.

Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_supplicant/mesh_mpm.c
wpa_supplicant/mesh_rsn.c

index 2e5afd9..3b931f8 100644 (file)
@@ -310,9 +310,14 @@ static void mesh_mpm_send_plink_action(struct wpa_supplicant *wpa_s,
                wpabuf_put_le16(buf, sta->peer_lid);
        if (type == PLINK_CLOSE)
                wpabuf_put_le16(buf, close_reason);
-       if (ampe)
+       if (ampe) {
+               if (sta->sae == NULL) {
+                       wpa_msg(wpa_s, MSG_INFO, "Mesh MPM: no SAE session");
+                       goto fail;
+               }
                mesh_rsn_get_pmkid(wpa_s->mesh_rsn, sta,
                                   wpabuf_put(buf, PMKID_LEN));
+       }
 
 #ifdef CONFIG_IEEE80211N
        if (type != PLINK_CLOSE &&
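Review bot: The new guard inside `if (ampe)` checks `sta->sae` but not `wpa_s->mesh_rsn`, which is passed to the same `mesh_rsn_get_pmkid()` call. That function's body is not visible here, so this is inferred, but if it dereferences its first argument, the before-startup case described in the commit message would still reach a NULL pointer. Consider widening the test to `if (sta->sae == NULL || wpa_s->mesh_rsn == NULL) {` and rewording the message to cover both cases. The `fail` label lies outside the hunk; it is presumably where `buf` is released, which is worth confirming because the buffer has already been partly filled when the new `goto` is taken.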
index 4ee3431..8354aad 100644 (file)
@@ -329,6 +329,12 @@ int mesh_rsn_auth_sae_sta(struct wpa_supplicant *wpa_s,
        struct wpabuf *buf;
        unsigned int rnd;
 
+       if (!ssid) {
+               wpa_msg(wpa_s, MSG_DEBUG,
+                       "AUTH: No current_ssid known to initiate new SAE");
+               return -1;
+       }
+
        if (!sta->sae) {
                sta->sae = os_zalloc(sizeof(*sta->sae));
                if (sta->sae == NULL)
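Review bot: The added `if (!ssid)` early return has no comment saying when `ssid` can be NULL, and its message only says that no current_ssid is known. A short comment above the check would help, for example `/* May be called before mesh startup has completed, i.e. before current_ssid is set */`. The assignment of `ssid` is above the hunk, so the link to `wpa_s->current_ssid` is inferred from the log text. It is also logged at `MSG_DEBUG`, while the sibling check in mesh_mpm.c uses `MSG_INFO` for the same class of condition. Using one level for both would make these dropped operations easier to spot in logs.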