authorYu Ouyang <yuo@codeaurora.org>2018-12-03 06:18:53 (GMT)
committerJouni Malinen <j@w1.fi>2018-12-04 18:52:34 (GMT)
commitf81e65510c8f74e2f22f37c66bd9f12d620ca13c (patch)
treef58eac3c5cbc91576c08931aa744e82d9368a1a8 /src/wps
parent0e1ab324cc8f07f4a132a8a2bae0da1b9aca19cd (diff)
WPS NFC: Fix potential NULL pointer dereference on an error path
The NFC connection handover specific case of WPS public key generation did not verify whether the two wpabuf_dup() calls succeed. Those may return NULL due to an allocation failure and that would result in a NULL pointer dereference in dh5_init_fixed(). Fix this by checking memory allocation results explicitly. If either of the allocations fails, do not try to initialize wps->dh_ctx and instead, report the failure through the existing error case handler below. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'src/wps')
1 files changed, 2 insertions, 1 deletions
diff --git a/src/wps/wps_attr_build.c b/src/wps/wps_attr_build.c
index 770f5e9..7dfa95b 100644
--- a/src/wps/wps_attr_build.c
+++ b/src/wps/wps_attr_build.c
@@ -60,7 +60,8 @@ int wps_build_public_key(struct wps_data *wps, struct wpabuf *msg)
wps->dh_privkey = wpabuf_dup(wps->wps->ap_nfc_dh_privkey);
pubkey = wpabuf_dup(wps->wps->ap_nfc_dh_pubkey);
- wps->dh_ctx = dh5_init_fixed(wps->dh_privkey, pubkey);
+ if (wps->dh_privkey && pubkey)
+ wps->dh_ctx = dh5_init_fixed(wps->dh_privkey, pubkey);
#endif /* CONFIG_WPS_NFC */
} else {
wpa_printf(MSG_DEBUG, "WPS: Generate new DH keys");
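Review bot: When either wpabuf_dup() fails, the new guard `if (wps->dh_privkey && pubkey)` skips dh5_init_fixed() and leaves wps->dh_ctx at whatever value it had on entry to this branch, so the fix only works if that value is NULL when the error handler below runs. Neither the lines that prepare dh_ctx before the two wpabuf_dup() calls nor the handler itself are inside this hunk, so this cannot be confirmed from here. If the old context is released earlier without the pointer being reset, a stale dh_ctx would survive an allocation failure and could pass a `dh_ctx == NULL` test. Making the failure state explicit removes that dependency: reset the pointer with `wps->dh_ctx = NULL;` at the point where the previous context is released, before the wpabuf_dup() calls. A short comment on the guard would also help, for example `/* on allocation failure dh_ctx stays NULL and the common error check below reports it */`.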