WPS NFC: Fix potential NULL pointer dereference on an error path
The NFC connection handover specific case of WPS public key generation did not verify whether the two wpabuf_dup() calls succeed. Those may return NULL due to an allocation failure and that would result in a NULL pointer dereference in dh5_init_fixed(). Fix this by checking memory allocation results explicitly. If either of the allocations fail, do not try to initialize wps->dh_ctx and instead, report the failure through the existing error case handler below. Signed-off-by: Jouni Malinen <jouni@codeaurora.org
This commit is contained in:
parent
0e1ab324cc
commit
f81e65510c
1 changed files with 2 additions and 1 deletions
|
@ -60,7 +60,8 @@ int wps_build_public_key(struct wps_data *wps, struct wpabuf *msg)
|
||||||
}
|
}
|
||||||
wps->dh_privkey = wpabuf_dup(wps->wps->ap_nfc_dh_privkey);
|
wps->dh_privkey = wpabuf_dup(wps->wps->ap_nfc_dh_privkey);
|
||||||
pubkey = wpabuf_dup(wps->wps->ap_nfc_dh_pubkey);
|
pubkey = wpabuf_dup(wps->wps->ap_nfc_dh_pubkey);
|
||||||
wps->dh_ctx = dh5_init_fixed(wps->dh_privkey, pubkey);
|
if (wps->dh_privkey && pubkey)
|
||||||
|
wps->dh_ctx = dh5_init_fixed(wps->dh_privkey, pubkey);
|
||||||
#endif /* CONFIG_WPS_NFC */
|
#endif /* CONFIG_WPS_NFC */
|
||||||
} else {
|
} else {
|
||||||
wpa_printf(MSG_DEBUG, "WPS: Generate new DH keys");
|
wpa_printf(MSG_DEBUG, "WPS: Generate new DH keys");
|
||||||
|
|
Loading…
Reference in a new issue