In normal cases when an error reply is received from wpa_supplicant,
the code uses a DBusMessageIter struct from the stack and initializes
it to point to the error return message in gsupplicant/dbus.c,
method_call_reply(). When passed to parse_supplicant_error(), the
iterator is valid, but contains no data and everything works fine.

When a gsupplicant pending call is cancelled by ConnMan, the
cancellation code will call the callback instead with a NULL iterator.
Explicitly catch this NULL iterator and return the default -ECANCELED
to the caller instead of relying on the specific way the dbus library
was compiled - either detecting NULL pointers or just plainly crashing.

The fix is based on a very similar one by Rickhard Röjfors but was made
to be even more explicit and accompanied by a longer explanation.
---
 gsupplicant/supplicant.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gsupplicant/supplicant.c b/gsupplicant/supplicant.c
index d26b6e2..1886a40 100644
--- a/gsupplicant/supplicant.c
+++ b/gsupplicant/supplicant.c
@@ -3792,6 +3792,9 @@ static int parse_supplicant_error(DBusMessageIter *iter)
        int err = -ECANCELED;
        char *key;
 
+       if (!iter)
+               return err;
+
        /* If the given passphrase is malformed wpa_s returns
         * "invalid message format" but this error should be interpreted as
         * invalid-key.
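Review bot: the new `if (!iter)` check at the top of parse_supplicant_error() carries no comment saying when iter can be NULL, while the block directly below it documents its own special case. A one-line comment stating that a cancelled pending call invokes the callback with a NULL iterator would keep the reason next to the code. Returning -ECANCELED literally rather than `err` would also keep this early return correct if the initializer of `err` is changed later.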
-- 
1.9.1
