P2P: Fix the setter function for DBus group properties

The setter function uses the same hostapd_data structure as the getter
which causes it to crash if called on a P2P client. To overcome this
issue, the role is checked to ensure it is called on a group owner and
the pointer is examined for validity. The function will return an error
if called on a non-GO system.

Signed-hostap: Todd Previte <toddx.a.previte@intel.com>
Signed-hostap: Angie Chinchilla <angie.v.chinchilla@intel.com>
intended-for: hostap-1

diff --git a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
index 2476e62..bc63d47 100644 (file)
--- a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
@@ -1770,13 +1770,13 @@ dbus_bool_t wpas_dbus_setter_p2p_group_properties(DBusMessageIter *iter,
        DBusMessageIter variant_iter, iter_dict;
        struct wpa_dbus_dict_entry entry = { .type = DBUS_TYPE_STRING };
        unsigned int i;
-       struct hostapd_data *hapd = wpa_s->ap_iface->bss[0];
+       struct hostapd_data *hapd = NULL;
 
-       if (!hapd) {
-               dbus_set_error_const(error, DBUS_ERROR_FAILED,
-                                    "internal error");
+       if (wpas_get_p2p_role(wpa_s) == WPAS_P2P_ROLE_GO &&
+           wpa_s->ap_iface != NULL)
+               hapd = wpa_s->ap_iface->bss[0];
+       else
                return FALSE;
-       }
 
        dbus_message_iter_recurse(iter, &variant_iter);
        if (!wpa_dbus_dict_open_read(&variant_iter, &iter_dict, error))