Reject TLS-based EAP server method if TLS context not initialized
It was possible to configure hostapd in a way that could try to initialize a TLS-based EAP method even when TLS library context was not initialized (e.g., due to not configuring server or CA certificate). Such a case could potentially result in NULL pointer dereference in the TLS library, so check for this condition and reject EAP method initialization. Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
19ae1d0788
commit
6b417a1b77
1 changed files with 5 additions and 0 deletions
|
@ -33,6 +33,11 @@ struct wpabuf * eap_tls_msg_alloc(EapType type, size_t payload_len,
|
|||
int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
|
||||
int verify_peer)
|
||||
{
|
||||
if (sm->ssl_ctx == NULL) {
|
||||
wpa_printf(MSG_ERROR, "TLS context not initialized - cannot use TLS-based EAP method");
|
||||
return -1;
|
||||
}
|
||||
|
||||
data->eap = sm;
|
||||
data->phase2 = sm->init_phase2;
|
||||
|
||||
|
|
Loading…
Reference in a new issue