jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

WPS NFC: Fix potential NULL pointer dereference on an error path

Browse source 
The NFC connection handover specific case of WPS public key generation
did not verify whether the two wpabuf_dup() calls succeed. Those may
return NULL due to an allocation failure and that would result in a NULL
pointer dereference in dh5_init_fixed().

Fix this by checking memory allocation results explicitly. If either of
the allocations fail, do not try to initialize wps->dh_ctx and instead,
report the failure through the existing error case handler below.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org
This commit is contained in:
Yu Ouyang 2018-12-03 14:18:53 +08:00 committed by Jouni Malinen
parent 0e1ab324cc
commit f81e65510c
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/wps/wps_attr_build.c
View file

@ -60,6 +60,7 @@ int wps_build_public_key(struct wps_data *wps, struct wpabuf *msg)
} }
wps->dh_privkey = wpabuf_dup(wps->wps->ap_nfc_dh_privkey); wps->dh_privkey = wpabuf_dup(wps->wps->ap_nfc_dh_privkey);
pubkey = wpabuf_dup(wps->wps->ap_nfc_dh_pubkey); pubkey = wpabuf_dup(wps->wps->ap_nfc_dh_pubkey);
if (wps->dh_privkey && pubkey)
wps->dh_ctx = dh5_init_fixed(wps->dh_privkey, pubkey); wps->dh_ctx = dh5_init_fixed(wps->dh_privkey, pubkey);
#endif /* CONFIG_WPS_NFC */ #endif /* CONFIG_WPS_NFC */
} else { } else {