P2PS: Fix possible NULL pointer dereference in PD exchange

It is possible that p2p_build_prov_disc_resp() is called with a NULL
device entry, which might be dereferenced when calling
p2p->cfg->get_persistent_group() for the P2PS with persistent group
case. Fix this by checking the device pointer before accessing it.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c
index 6363e36..166d0da 100644 (file)
--- a/src/p2p/p2p_pd.c
+++ b/src/p2p/p2p_pd.c
@@ -301,7 +301,7 @@ static struct wpabuf * p2p_build_prov_disc_resp(struct p2p_data *p2p,
                                       group_capab);
                p2p_buf_add_device_info(buf, p2p, NULL);
 
-               if (persist_ssid && p2p->cfg->get_persistent_group &&
+               if (persist_ssid && p2p->cfg->get_persistent_group && dev &&
                    (status == P2P_SC_SUCCESS ||
                     status == P2P_SC_SUCCESS_DEFERRED)) {
                        u8 ssid[SSID_MAX_LEN];