DPP: Fix static analyzer warnings in key generation and JWK construction
Memory allocation failures could have resulted in error paths that dereference a NULL pointer or double-freeing memory. Fix this by explicitly clearing the freed pointer and checking allocation results. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
f516090228
commit
58efbcbcd4
1 changed files with 4 additions and 3 deletions
|
@ -1203,6 +1203,7 @@ char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
|
||||||
|
|
||||||
base64 = base64_encode(der, der_len, &len);
|
base64 = base64_encode(der, der_len, &len);
|
||||||
OPENSSL_free(der);
|
OPENSSL_free(der);
|
||||||
|
der = NULL;
|
||||||
if (!base64)
|
if (!base64)
|
||||||
goto fail;
|
goto fail;
|
||||||
pos = (char *) base64;
|
pos = (char *) base64;
|
||||||
|
@ -2962,6 +2963,8 @@ static int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key,
|
||||||
x = (char *) base64_url_encode(pos, curve->prime_len, NULL, 0);
|
x = (char *) base64_url_encode(pos, curve->prime_len, NULL, 0);
|
||||||
pos += curve->prime_len;
|
pos += curve->prime_len;
|
||||||
y = (char *) base64_url_encode(pos, curve->prime_len, NULL, 0);
|
y = (char *) base64_url_encode(pos, curve->prime_len, NULL, 0);
|
||||||
|
if (!x || !y)
|
||||||
|
goto fail;
|
||||||
|
|
||||||
wpabuf_put_str(buf, "\"");
|
wpabuf_put_str(buf, "\"");
|
||||||
wpabuf_put_str(buf, name);
|
wpabuf_put_str(buf, name);
|
||||||
|
@ -2977,13 +2980,11 @@ static int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key,
|
||||||
}
|
}
|
||||||
wpabuf_put_str(buf, "\"}");
|
wpabuf_put_str(buf, "\"}");
|
||||||
ret = 0;
|
ret = 0;
|
||||||
out:
|
fail:
|
||||||
wpabuf_free(pub);
|
wpabuf_free(pub);
|
||||||
os_free(x);
|
os_free(x);
|
||||||
os_free(y);
|
os_free(y);
|
||||||
return ret;
|
return ret;
|
||||||
fail:
|
|
||||||
goto out;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue