projects / mech_eap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c0c11af)
wpa_supplicant: Fix NULL dereference in tls_verify_cb()
authorEytan Lifshitz <eytan.lifshitz@intel.com>
Mon, 10 Feb 2014 10:55:08 +0000 (12:55 +0200)
committerJouni Malinen <j@w1.fi>
Thu, 13 Feb 2014 13:58:21 +0000 (15:58 +0200)
In function tls_verify_cb(), X509_STORE_CTX_get_current_cert() may
return NULL, and it will be dereferenced by X509_get_subject_name().

Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>

src/crypto/tls_openssl.c patch | blob | history

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index d025ae0..a13fa38 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1368,6 +1368,9 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
        const char *err_str;
 
        err_cert = X509_STORE_CTX_get_current_cert(x509_ctx);
+       if (!err_cert)
+               return 0;
+
        err = X509_STORE_CTX_get_error(x509_ctx);
        depth = X509_STORE_CTX_get_error_depth(x509_ctx);
        ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
Moonshot GSS-API mechanism