FT RRB: Validate os_malloc() return value before using it

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2013-04-27 23:05:15 +03:00
parent 7ca902b53e
commit 2c48211c49

View file

@ -1166,6 +1166,8 @@ int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len)
/* RRB - Forward action frame to the target AP */ /* RRB - Forward action frame to the target AP */
frame = os_malloc(sizeof(*frame) + len); frame = os_malloc(sizeof(*frame) + len);
if (frame == NULL)
return -1;
frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB; frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
frame->packet_type = FT_PACKET_REQUEST; frame->packet_type = FT_PACKET_REQUEST;
frame->action_length = host_to_le16(len); frame->action_length = host_to_le16(len);
@ -1216,6 +1218,8 @@ static int wpa_ft_rrb_rx_request(struct wpa_authenticator *wpa_auth,
rlen = 2 + 2 * ETH_ALEN + 2 + resp_ies_len; rlen = 2 + 2 * ETH_ALEN + 2 + resp_ies_len;
frame = os_malloc(sizeof(*frame) + rlen); frame = os_malloc(sizeof(*frame) + rlen);
if (frame == NULL)
return -1;
frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB; frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
frame->packet_type = FT_PACKET_RESPONSE; frame->packet_type = FT_PACKET_RESPONSE;
frame->action_length = host_to_le16(rlen); frame->action_length = host_to_le16(rlen);