P2P: Make p2p_go_configured() more robust against unexpected calls
author Jouni Malinen <j@w1.fi>
Sun, 29 Nov 2015 23:25:24 +0000 (01:25 +0200)
committer Jouni Malinen <j@w1.fi>
Sun, 29 Nov 2015 23:25:24 +0000 (01:25 +0200)
A hwsim test sequence was able to hit a SIGSEGV in
p2p_go_save_group_common_freqs() called by the p2p_go_configured() callback
in a case where a non-P2P AP mode operation is started in wpa_supplicant
(wpas_ap_wep test case). This callback should not have happened for
the non-P2P case and the debug logs did not make it clear how this could
happen. In addition, it is unclear how this could be reproduced.

To avoid this type of issue, clear the wpa_s->ap_configured_cb pointer
as soon as the first call to the function happens. In addition, verify
that wpa_s->go_params is available before processing the GO configured
callback.

Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_supplicant/p2p_supplicant.c

index c290a4e..a60ae6e 100644 (file)
@@ -1748,6 +1748,15 @@ static void p2p_go_configured(void *ctx, void *data)
        struct wpa_ssid *ssid;
        int network_id = -1;
 
+       wpa_s->ap_configured_cb = NULL;
+       wpa_s->ap_configured_cb_ctx = NULL;
+       wpa_s->ap_configured_cb_data = NULL;
+       if (!wpa_s->go_params) {
+               wpa_printf(MSG_ERROR,
+                          "P2P: p2p_go_configured() called with wpa_s->go_params == NULL");
+               return;
+       }
+
        p2p_go_save_group_common_freqs(wpa_s, params);
        p2p_go_dump_common_freqs(wpa_s);
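
Review bot: the new guard tests wpa_s->go_params, but the call immediately after it, p2p_go_save_group_common_freqs(wpa_s, params), passes the local params, and that function is where the commit message reports the SIGSEGV. The hunk does not show how params relates to wpa_s->go_params; if params is taken from the data argument of p2p_go_configured(void *ctx, void *data), a stale or NULL data pointer would still get through this check. Consider testing both, for example "if (!wpa_s->go_params || !params)", or add a comment stating that the two are always the same pointer. Since the message says the trigger is not understood, a short comment above the three NULL assignments noting that the callback is cleared on first use as a defensive measure would help later readers.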