EAP-SAKE: Do not debug print result if eap_sake_compute_mic() fails

This gets rid of a valgrind warning on uninitialized memory read in the
eap_proto_sake_errors test case where the result was used after the
failed eap_sake_compute_mic() call.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/eap_peer/eap_sake.c b/src/eap_peer/eap_sake.c
index 80f4667..330febb 100644 (file)
--- a/src/eap_peer/eap_sake.c
+++ b/src/eap_peer/eap_sake.c
@@ -309,11 +309,20 @@ static struct wpabuf * eap_sake_process_confirm(struct eap_sm *sm,
                return NULL;
        }
 
-       eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
-                            data->serverid, data->serverid_len,
-                            data->peerid, data->peerid_len, 0,
-                            wpabuf_head(reqData), wpabuf_len(reqData),
-                            attr.mic_s, mic_s);
+       if (eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
+                                data->serverid, data->serverid_len,
+                                data->peerid, data->peerid_len, 0,
+                                wpabuf_head(reqData), wpabuf_len(reqData),
+                                attr.mic_s, mic_s)) {
+               wpa_printf(MSG_INFO, "EAP-SAKE: Failed to compute MIC");
+               eap_sake_state(data, FAILURE);
+               ret->methodState = METHOD_DONE;
+               ret->decision = DECISION_FAIL;
+               ret->allowNotifications = FALSE;
+               wpa_printf(MSG_DEBUG, "EAP-SAKE: Sending Response/Auth-Reject");
+               return eap_sake_build_msg(data, id, 0,
+                                         EAP_SAKE_SUBTYPE_AUTH_REJECT);
+       }
        if (os_memcmp_const(attr.mic_s, mic_s, EAP_SAKE_MIC_LEN) != 0) {
                wpa_printf(MSG_INFO, "EAP-SAKE: Incorrect AT_MIC_S");
                eap_sake_state(data, FAILURE);