From 6b417a1b77de776cb53bb13043143761387758fb Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 24 Nov 2013 18:01:12 +0200 Subject: [PATCH] Reject TLS-based EAP server method if TLS context not initialized It was possible to configure hostapd in a way that could try to initialize a TLS-based EAP method even when TLS library context was not initialized (e.g., due to not configuring server or CA certificate). Such a case could potentially result in NULL pointer dereference in the TLS library, so check for this condition and reject EAP method initialization. Signed-hostap: Jouni Malinen --- src/eap_server/eap_server_tls_common.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c index 9efb5b293..526e1bcc9 100644 --- a/src/eap_server/eap_server_tls_common.c +++ b/src/eap_server/eap_server_tls_common.c @@ -33,6 +33,11 @@ struct wpabuf * eap_tls_msg_alloc(EapType type, size_t payload_len, int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data, int verify_peer) { + if (sm->ssl_ctx == NULL) { + wpa_printf(MSG_ERROR, "TLS context not initialized - cannot use TLS-based EAP method"); + return -1; + } + data->eap = sm; data->phase2 = sm->init_phase2;
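Review bot: In the new `sm->ssl_ctx == NULL` branch at the top of eap_server_tls_ssl_init(), `return -1` runs before `data->eap` and `data->phase2` are assigned, so each caller's failure path has to cope with an eap_ssl_data that was never filled in. It is worth confirming that whatever cleanup runs after a failed init does not read those fields. The MSG_ERROR text could also name the likely cause given in the commit message (server or CA certificate not configured) so the operator knows what to fix. Since the commit message describes this as a configuration problem, rejecting it when the configuration is loaded would surface it before the first TLS-based EAP session instead of at method initialization.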