From c3c5b5fe92814cd6add29c336e1710cc37f1d662 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Tue, 23 Jun 2015 18:25:35 +0300
Subject: [PATCH] ERP server: Make erp_send_finish_reauth() easier for static
 analyzers

The flags argument is used to indicate a failure case (0x80) which
allows erp == NULL. This may be a bit too difficult combination for
static analyzers to understand, so add an explicit check for !erp as
another condition for returning from the function before the erp pointer
gets dereferenced without checking it.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/eap_server/eap_server.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c
index 1f38d78b2..6651229ce 100644
--- a/src/eap_server/eap_server.c
+++ b/src/eap_server/eap_server.c
@@ -745,7 +745,7 @@ static void erp_send_finish_reauth(struct eap_sm *sm,
 	wpabuf_free(sm->lastReqData);
 	sm->lastReqData = NULL;
 
-	if (flags & 0x80) {
+	if ((flags & 0x80) || !erp) {
 		sm->eap_if.eapFail = TRUE;
 		wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
 			MACSTR, MAC2STR(sm->peer_addr));