Make sure that EAP callbacks are not done if state machine has been removed
author Jouni Malinen <jouni@qca.qualcomm.com>
Fri, 12 Aug 2011 08:56:44 +0000 (11:56 +0300)
committer Jouni Malinen <j@w1.fi>
Fri, 12 Aug 2011 08:56:44 +0000 (11:56 +0300)
It is possible to get a response for a pending EAP callback after the
EAP state machine has already completed its work or has timed out. For
those cases, make sure that the callback function is not delivered since
it could result in NULL pointer dereferences.

src/eapol_auth/eapol_auth_sm.c

index 4aa71ad..e600954 100644
@@ -1017,7 +1017,7 @@ static struct eapol_callbacks eapol_cb =
 
 int eapol_auth_eap_pending_cb(struct eapol_state_machine *sm, void *ctx)
 {
-       if (sm == NULL || ctx != sm->eap)
+       if (sm == NULL || ctx == NULL || ctx != sm->eap)
                return -1;
 
        eap_sm_pending_cb(sm->eap);
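Review bot: the new `ctx == NULL` test guards the case the commit message describes only indirectly: once the EAP state machine has been removed, `sm->eap` is NULL, and the old condition `ctx != sm->eap` is false for a NULL `ctx`, so `eap_sm_pending_cb(sm->eap)` was reached with a NULL argument. Checking the actual condition, e.g. `if (sm == NULL || sm->eap == NULL || ctx != sm->eap)`, states that intent directly and still rejects a non-NULL `ctx` that no longer matches; at minimum a one-line comment above the check should say that `sm->eap` can be NULL here after the state machine has completed or timed out, since the current form reads as a redundant comparison.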