From b6a5202e55cf0f010d523f31f642dc5ebf66eeea Mon Sep 17 00:00:00 2001 From: Gaetan Perrot Date: Tue, 8 Jul 2025 15:51:11 +0900 Subject: [PATCH] modules: hostap: supp_api: Fix possible null deference Ensure 'params' is not NULL before accessing its fields. Prevents possible null pointer dereference when calling strlen(params->ssid). Delay access to ssid->ssid and ssid->ssid_len until after null check. Prevents potential crash if wpa_s->current_ssid is NULL. Signed-off-by: Gaetan Perrot --- modules/hostap/src/supp_api.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/modules/hostap/src/supp_api.c b/modules/hostap/src/supp_api.c index 6c78aacf5a8..d39986b571c 100644 --- a/modules/hostap/src/supp_api.c +++ b/modules/hostap/src/supp_api.c @@ -1291,8 +1291,8 @@ int supplicant_status(const struct device *dev, struct wifi_iface_status *status struct wpa_ssid *ssid = wpa_s->current_ssid; u8 channel; struct signal_poll_resp signal_poll; - u8 *_ssid = ssid->ssid; - size_t ssid_len = ssid->ssid_len; + u8 *_ssid; + size_t ssid_len; struct status_resp cli_status; int proto; int key_mgmt; @@ -1303,6 +1303,8 @@ int supplicant_status(const struct device *dev, struct wifi_iface_status *status goto out; } + _ssid = ssid->ssid; + ssid_len = ssid->ssid_len; proto = ssid->proto; key_mgmt = ssid->key_mgmt; sae_pwe = wpa_s->conf->sae_pwe; @@ -1493,9 +1495,15 @@ int supplicant_11k_cfg(const struct device *dev, struct wifi_11k_params *params) int supplicant_11k_neighbor_request(const struct device *dev, struct wifi_11k_params *params) { - int ssid_len = strlen(params->ssid); + int ssid_len; - if (params != NULL && ssid_len > 0) { + if (params == NULL) { + return -1; + } + + ssid_len = strlen(params->ssid); + + if (ssid_len > 0) { if (ssid_len > WIFI_SSID_MAX_LEN) { wpa_printf(MSG_ERROR, "%s: ssid too long %u", __func__, ssid_len);