From 58efbcbcd457eddb3e5f6704e6f19d7327d09915 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 11 Oct 2017 18:19:03 +0300 Subject: [PATCH] DPP: Fix static analyzer warnings in key generation and JWK construction Memory allocation failures could have resulted in error paths that dereference a NULL pointer or double-freeing memory. Fix this by explicitly clearing the freed pointer and checking allocation results. Signed-off-by: Jouni Malinen --- src/common/dpp.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/common/dpp.c b/src/common/dpp.c index 649464bce..79ac49a7d 100644 --- a/src/common/dpp.c +++ b/src/common/dpp.c @@ -1203,6 +1203,7 @@ char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve, base64 = base64_encode(der, der_len, &len); OPENSSL_free(der); + der = NULL; if (!base64) goto fail; pos = (char *) base64; @@ -2962,6 +2963,8 @@ static int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key, x = (char *) base64_url_encode(pos, curve->prime_len, NULL, 0); pos += curve->prime_len; y = (char *) base64_url_encode(pos, curve->prime_len, NULL, 0); + if (!x || !y) + goto fail; wpabuf_put_str(buf, "\""); wpabuf_put_str(buf, name); @@ -2977,13 +2980,11 @@ static int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key, } wpabuf_put_str(buf, "\"}"); ret = 0; -out: +fail: wpabuf_free(pub); os_free(x); os_free(y); return ret; -fail: - goto out; }