From de6e463f579faa568b751fea01b751f0c6f6afb3 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Fri, 12 Aug 2011 11:56:44 +0300
Subject: [PATCH] Make sure that EAP callbacks are not done if state machine has been removed

It is possible to get a response for a pending EAP callback after the EAP state machine has already completed its work or has timed out. For those cases, make sure that the callback function is not delivered since it could result in NULL pointer dereferences.
---
 src/eapol_auth/eapol_auth_sm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/eapol_auth/eapol_auth_sm.c b/src/eapol_auth/eapol_auth_sm.c
index 4aa71ad03..e60095486 100644
--- a/src/eapol_auth/eapol_auth_sm.c
+++ b/src/eapol_auth/eapol_auth_sm.c
@@ -1017,7 +1017,7 @@ static struct eapol_callbacks eapol_cb =
 int eapol_auth_eap_pending_cb(struct eapol_state_machine *sm, void *ctx)
 {
- if (sm == NULL || ctx != sm->eap)
+ if (sm == NULL || ctx == NULL || ctx != sm->eap)
 return -1;
 eap_sm_pending_cb(sm->eap);
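Review bot: The new `ctx == NULL` test in eapol_auth_eap_pending_cb has no comment saying which case it covers, and the reason is not obvious from the condition alone. From the visible lines it appears to guard the case where `sm->eap` is already NULL, so that a NULL `ctx` would compare equal and `eap_sm_pending_cb(sm->eap)` would be called with NULL. I would add above the `if` something like `/* A NULL ctx would match a cleared sm->eap; reject it before the identity check. */`. Separately, the check remains a pointer-identity comparison, so it presumably cannot tell a stale `ctx` from a later EAP instance allocated at the same address; whether pending requests are cancelled when the EAP state machine is freed is outside this hunk and worth confirming. The function body continues past the end of the hunk.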