Don't crash when trying to access invalid properties via D-Bus (rh #678625)

wpa_supplicant-dbus-null-error.patch

@@ -0,0 +1,47 @@
+commit 8ee69e06336d65b15364f4db82d91775d0fe47c6
+Author: Paul Stewart <pstew@google.com>
+Date:   Sat Oct 9 17:29:51 2010 +0300
+
+    dbus_new_handlers: Don't send NULL to dbus_message_new_error
+    
+    The new DBus API helper function wpas_dbus_error_unknown_error
+    function can be called as a result of a failure within internal
+    getter calls, which will call this function with a NULL message
+    parameter.  However, dbus_message_new_error looks very unkindly
+    (i.e, abort()) on a NULL message, so in this case, we should not
+    call it.
+    
+    I've observed this course of events during a call to
+    wpas_dbus_getter_bss_wpa with a faileld parse of the IE parameter.
+    We got here through a call to fill_dict_with_properties which
+    explicitly calls getters with a NULL message parameter.  Judging
+    from the way it is called, this could easily occur if an AP sends
+    out a malformed (or mis-received) probe response.  I usually run
+    into this problem while driving through San Francisco, so I'm
+    exposed to any number of base stations along this path.
+
+diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
+index 73f4e44..0ad51a0 100644
+--- a/wpa_supplicant/dbus/dbus_new_handlers.c
++++ b/wpa_supplicant/dbus/dbus_new_handlers.c
+@@ -117,6 +117,20 @@ static char * wpas_dbus_new_decompose_object_path(const char *path,
+ DBusMessage * wpas_dbus_error_unknown_error(DBusMessage *message,
+ 					    const char *arg)
+ {
++	/*
++	 * This function can be called as a result of a failure
++	 * within internal getter calls, which will call this function
++	 * with a NULL message parameter.  However, dbus_message_new_error
++	 * looks very unkindly (i.e, abort()) on a NULL message, so
++	 * in this case, we should not call it.
++	 */
++	if (message == NULL) {
++		wpa_printf(MSG_INFO, "dbus: wpas_dbus_error_unknown_error "
++			   "called with NULL message (arg=%s)",
++			   arg ? arg : "N/A");
++		return NULL;
++	}
++
+ 	return dbus_message_new_error(message, WPAS_DBUS_ERROR_UNKNOWN_ERROR,
+ 				      arg);
+ }

wpa_supplicant.spec

@@ -2,7 +2,7 @@ Summary: WPA/WPA2/IEEE 802.1X Supplicant
 Name: wpa_supplicant
 Epoch: 1
 Version: 0.7.3
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: BSD
 Group: System Environment/Base
 Source0: http://w1.fi/releases/%{name}-%{version}.tar.gz
@@ -35,6 +35,8 @@ Patch5: wpa_supplicant-openssl-more-algs.patch
 Patch6: wpa_supplicant-gui-qt4.patch
 # Send PropertyChanged notificationes when the BSS list changes
 Patch7: wpa_supplicant-bss-changed-prop-notify.patch
+# Don't crash trying to pass NULL to dbus
+Patch8: wpa_supplicant-dbus-null-error.patch
 # Dirty hack for WiMAX
 # http://linuxwimax.org/Download?action=AttachFile&do=get&target=wpa-1.5-README.txt
 Patch100: wpa_supplicant-0.7.2-generate-libeap-peer.patch
@@ -95,6 +97,7 @@ Don't use this unless you know what you're doing.
 %patch5 -p1 -b .more-openssl-algs
 %patch6 -p1 -b .qt4
 %patch7 -p1 -b .bss-changed-prop-notify
+%patch8 -p1 -b .dbus-null
 
 %build
 pushd wpa_supplicant
@@ -211,6 +214,9 @@ fi
 %postun -n libeap -p /sbin/ldconfig
 
 %changelog
+* Tue May  3 2011 Dan Williams <dcbw@redhat.com> - 1:0.7.3-8
+- Don't crash when trying to access invalid properties via D-Bus (rh #678625)
+
 * Mon May  2 2011 Dan Williams <dcbw@redhat.com> - 1:0.7.3-7
 - Make examples read-only to avoid erroneous python dependency (rh #687952)