authorJouni Malinen <j@w1.fi>2014-05-11 15:38:07 (GMT)
committerJouni Malinen <j@w1.fi>2014-05-11 18:24:05 (GMT)
commit0f73c642cc802f02336945cb20f2703efc54fb36 (patch)
treecc64ab970a3f37f3cf03480131f7e30300a85267 /src/eap_peer/eap_pwd.c
parentcb4ac38b15efdbdadaf21047f29cf4de177b65f3 (diff)
EAP-pwd: Fix processing of group setup failure
If an invalid group was negotiated, compute_password_element() left some of the data->grp pointers uninitialized and this could result in a segmentation fault when deinitializing the EAP method. Fix this by explicitly clearing all the pointers with eap_zalloc(). In addition, speed up EAP failure reporting in this type of error case by indicating that the EAP method execution cannot continue anymore on the peer side instead of waiting for a timeout. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eap_peer/eap_pwd.c')
-rw-r--r--src/eap_peer/eap_pwd.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
index ac1b6eb..2aa7ba5 100644
--- a/src/eap_peer/eap_pwd.c
+++ b/src/eap_peer/eap_pwd.c
@@ -252,8 +252,8 @@ eap_pwd_perform_id_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
wpa_hexdump_ascii(MSG_INFO, "EAP-PWD (peer): server sent id of",
data->id_server, data->id_server_len);
- if ((data->grp = (EAP_PWD_group *) os_malloc(sizeof(EAP_PWD_group))) ==
- NULL) {
+ data->grp = os_zalloc(sizeof(EAP_PWD_group));
+ if (data->grp == NULL) {
wpa_printf(MSG_INFO, "EAP-PWD: failed to allocate memory for "
"group");
eap_pwd_state(data, FAILURE);
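Review bot: The switch to `os_zalloc()` at the `data->grp` allocation carries no comment saying why the structure has to start out zeroed, so a later cleanup could swap it back to `os_malloc()` and reintroduce the crash on the failure path. I would add `/* zeroed so that cleanup sees NULL members if group setup fails part-way */` directly above the allocation. The fix presumably also depends on every free routine that cleanup applies to the members of `data->grp` accepting a NULL pointer; that code is not visible here and should be confirmed. eap_pwd_perform_id_exchange() starts and ends outside this hunk.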
@@ -858,8 +858,11 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
data->in_frag_pos = 0;
}
- if (data->outbuf == NULL)
+ if (data->outbuf == NULL) {
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
return NULL; /* generic failure */
+ }
/*
* we have output! Do we need to fragment it?
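Review bot: The new branch under `if (data->outbuf == NULL)` now ends the method for every path that reaches it without a response, but the only comment is still `/* generic failure */`, which does not say that a NULL `outbuf` at this point is always unrecoverable. I would replace it with a comment above the assignments such as `/* no response was built: fail the method now instead of waiting for a timeout */`. It is also worth confirming that none of the exchange handlers called earlier in eap_pwd_process() can leave `outbuf` NULL for a non-fatal reason, since such a case would now be reported as `DECISION_FAIL`; those handlers are outside the hunk. A regression test that negotiates an unsupported group would cover both hunks of this commit.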