From: Jouni Malinen Date: Fri, 1 Jan 2010 21:38:51 +0000 (+0200) Subject: WPS: Fix Probe Request processing to handle missing attribute X-Git-Tag: hostap_0_7_1~106 X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;h=dc5a08c053b293ae9c94481730ff626bcb8d4c81;p=libeap.git WPS: Fix Probe Request processing to handle missing attribute WPS IE parsing for PBC mode did not check whether the UUID-E attribute was included before dereferencing the pointer. This could result in the AP crashing when processing and invalid Probe Request frame.
---
diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index 3f51190..db20c7d 100644
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -799,6 +799,11 @@ void wps_registrar_probe_req_rx(struct wps_registrar *reg, const u8 *addr,
 wpa_printf(MSG_DEBUG, "WPS: Probe Request for PBC received from " MACSTR, MAC2STR(addr));
+ if (attr.uuid_e == NULL) {
+ wpa_printf(MSG_DEBUG, "WPS: Invalid Probe Request WPS IE: No "
+ "UUID-E included");
+ return;
+ }
 wps_registrar_add_pbc_session(reg, addr, attr.uuid_e);
 if (wps_registrar_pbc_overlap(reg, addr, attr.uuid_e)) {
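Review bot: The added guard in wps_registrar_probe_req_rx checks only that `attr.uuid_e` is present, while `wps_registrar_add_pbc_session(reg, addr, attr.uuid_e)` and `wps_registrar_pbc_overlap(reg, addr, attr.uuid_e)` still receive a bare pointer with no length. The fix is therefore complete only if the WPS attribute parser, which is not visible in this hunk, already rejects a UUID-E attribute of the wrong size; that should be confirmed. Probe Requests arrive from unauthenticated stations, so I would record the reason next to the check, e.g. `/* Probe Request is unauthenticated input: UUID-E may be absent and must be checked before the PBC session code uses it */`. The function body starts and ends outside the hunk, so any other `attr.*` pointer it dereferences deserves the same audit, and a regression test feeding a WPS IE without UUID-E would keep this from reappearing.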