From 8d968351a0a77824a4c703e663427cde767bbd48 Mon Sep 17 00:00:00 2001 From: Peng Xu Date: Wed, 24 May 2017 11:33:20 -0700 Subject: [PATCH] Interworking: Add NULL checking for EAP name in phase2/autheap parameter Add NULL checking for EAP name. If it is NULL, do not add the phase2 parameter autheap. This should not happen in practice due to earlier checks for credential matching, but if there is a code path that would allow this to be set, it is better to skip setting of the invalid value and allow automatic selection of the Phase 2 parameters. Signed-off-by: Jouni Malinen --- wpa_supplicant/interworking.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c index 225f950ee..15b1016c0 100644 --- a/wpa_supplicant/interworking.c +++ b/wpa_supplicant/interworking.c @@ -1771,9 +1771,10 @@ int interworking_connect(struct wpa_supplicant *wpa_s, struct wpa_bss *bss, switch (eap->method) { case EAP_TYPE_TTLS: if (eap->inner_method) { - os_snprintf(buf, sizeof(buf), "\"autheap=%s\"", - eap_get_name(EAP_VENDOR_IETF, - eap->inner_method)); + name = eap_get_name(EAP_VENDOR_IETF, eap->inner_method); + if (!name) + goto fail; + os_snprintf(buf, sizeof(buf), "\"autheap=%s\"", name); if (wpa_config_set(ssid, "phase2", buf, 0) < 0) goto fail; break;