Fixed EAP-TTLS server to verify eap_ttls_phase2_eap_init() return code

It is possible that the initialization of the Phase 2 EAP method fails and
if that happens, we need to stop EAP-TTLS server from trying to continue
using the uninitialized EAP method. Otherwise, the server could trigger
a segmentation fault when dereferencing a NULL pointer.

diff --git a/src/eap_server/eap_ttls.c b/src/eap_server/eap_ttls.c
index 1ff9ea0..b097ab2 100644 (file)
--- a/src/eap_server/eap_ttls.c
+++ b/src/eap_server/eap_ttls.c
@@ -991,7 +991,13 @@ static void eap_ttls_process_phase2_eap_response(struct eap_sm *sm,
                                sm->user_eap_method_index++].method;
                        wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %d",
                                   next_type);
-                       eap_ttls_phase2_eap_init(sm, data, next_type);
+                       if (eap_ttls_phase2_eap_init(sm, data, next_type)) {
+                               wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to "
+                                          "initialize EAP type %d",
+                                          next_type);
+                               eap_ttls_state(data, FAILURE);
+                               return;
+                       }
                } else {
                        eap_ttls_state(data, FAILURE);
                }
@@ -1061,7 +1067,11 @@ static void eap_ttls_process_phase2_eap_response(struct eap_sm *sm,
                break;
        }
 
-       eap_ttls_phase2_eap_init(sm, data, next_type);
+       if (eap_ttls_phase2_eap_init(sm, data, next_type)) {
+               wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize EAP "
+                          "type %d", next_type);
+               eap_ttls_state(data, FAILURE);
+       }
 }