In normal cases when an error reply is received from wpa_supplicant, the code uses a DBusMessageIter struct from the stack and initializes it to point to the error return message in gsupplicant/dbus.c, method_call_reply(). When passed to parse_supplicant_error(), the iterator is valid, but contains no data and everything works fine.
When a gsupplicant pending call is cancelled by ConnMan, the cancellation code will call the callback instead with a NULL iterator. Explicitly catch this NULL iterator and return the default -ECANCELED to the caller instead of relying on the specific way the dbus library was compiled - either detecting NULL pointers or just plainly crashing. The fix is based on a very similar one by Rickhard Röjfors but was made to be even more explicit and accompanied by a longer explanation. --- gsupplicant/supplicant.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/gsupplicant/supplicant.c b/gsupplicant/supplicant.c index d26b6e2..1886a40 100644 --- a/gsupplicant/supplicant.c +++ b/gsupplicant/supplicant.c @@ -3792,6 +3792,9 @@ static int parse_supplicant_error(DBusMessageIter *iter) int err = -ECANCELED; char *key; + if (!iter) + return err; + /* If the given passphrase is malformed wpa_s returns * "invalid message format" but this error should be interpreted as * invalid-key. -- 1.9.1
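Review bot: The new NULL guard at the top of parse_supplicant_error() carries no comment, so the reason a NULL iterator can arrive here (a pending call cancelled by ConnMan) is recorded only in the commit message. A one-line comment above `if (!iter)` would keep the check from being removed later as apparently dead code. The early `return err;` also depends on the initializer `int err = -ECANCELED;` staying unchanged; writing `return -ECANCELED;` would make the cancellation result explicit at the point of the check and independent of any later change to the default.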