Reject TLS-based EAP server method if TLS context not initialized

It was possible to configure hostapd in a way that could try to
initialize a TLS-based EAP method even when TLS library context was not
initialized (e.g., due to not configuring server or CA certificate).
Such a case could potentially result in NULL pointer dereference in the
TLS library, so check for this condition and reject EAP method
initialization.

Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen 2013-11-24 18:01:12 +02:00
parent 19ae1d0788
commit 6b417a1b77


@ -33,6 +33,11 @@ struct wpabuf * eap_tls_msg_alloc(EapType type, size_t payload_len,
int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data, int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
int verify_peer) int verify_peer)
{ {
if (sm->ssl_ctx == NULL) {
wpa_printf(MSG_ERROR, "TLS context not initialized - cannot use TLS-based EAP method");
return -1;
}
data->eap = sm; data->eap = sm;
data->phase2 = sm->init_phase2; data->phase2 = sm->init_phase2;
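
Review bot: The new `sm->ssl_ctx == NULL` guard at the top of eap_server_tls_ssl_init() only fires when a TLS-based method is initialized for a session, so the misconfiguration named in the commit message (no server or CA certificate) is still accepted when the configuration is loaded and shows up later as a failed authentication. Consider also rejecting a configuration that enables a TLS-based EAP method without a TLS context when it is parsed, and keep this check as the runtime backstop. Two smaller points on the same lines: the message does not say which EAP method was rejected, which would help when several TLS-based methods are enabled, and the `wpa_printf(MSG_ERROR, "TLS context not initialized - cannot use TLS-based EAP method");` line is long enough that splitting the string across two lines would read better. The new `return -1` path is also worth a mention in the function's comment so callers know that initialization can fail before `data` is touched.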