EAP-pwd: Fix processing of group setup failure

If invalid group was negotiated, compute_password_element() left some of the data->grp pointer uninitialized and this could result in segmentation fault when deinitializing the EAP method. Fix this by explicitly clearing all the pointer with eap_zalloc(). In addition, speed up EAP failure reporting in this type of error case by indicating that the EAP method execution cannot continue anymore on the peer side instead of waiting for a timeout. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 18:38:07 +03:00 · 2014-05-11 18:38:07 +03:00 · 0f73c642cc
commit 0f73c642cc
parent cb4ac38b15
2 changed files with 8 additions and 4 deletions
--- a/src/eap_server/eap_server_pwd.c
+++ b/src/eap_server/eap_server_pwd.c
@ -599,7 +599,8 @@ static void eap_pwd_process_id_resp(struct eap_sm *sm,
 	wpa_hexdump_ascii(MSG_DEBUG, "EAP-PWD (server): peer sent id of",
 			  data->id_peer, data->id_peer_len);

-	if ((data->grp = os_malloc(sizeof(EAP_PWD_group))) == NULL) {
+	data->grp = os_zalloc(sizeof(EAP_PWD_group));
+	if (data->grp == NULL) {
 		wpa_printf(MSG_INFO, "EAP-PWD: failed to allocate memory for "
 			   "group");
 		return;