Fixed potential NULL pointer dereference if memory allocation fails

author Jouni Malinen <j@w1.fi>

Thu, 5 Jun 2008 17:44:30 +0000 (20:44 +0300)

committer Jouni Malinen <j@w1.fi>

Thu, 5 Jun 2008 17:44:30 +0000 (20:44 +0300)
author Jouni Malinen <j@w1.fi>
Thu, 5 Jun 2008 17:44:30 +0000 (20:44 +0300)
committer Jouni Malinen <j@w1.fi>
Thu, 5 Jun 2008 17:44:30 +0000 (20:44 +0300)
diff --git a/src/eap_server/eap_tls_common.c b/src/eap_server/eap_tls_common.c

index 4f91ee7..befc1bf 100644 (file)
--- a/src/eap_server/eap_tls_common.c
+++ b/src/eap_server/eap_tls_common.c
@@ -114,6 +114,10 @@ struct wpabuf * eap_server_tls_build_msg(struct eap_ssl_data *data,
         size_t send_len, plen;
  
         wpa_printf(MSG_DEBUG, "SSL: Generating Request");
+       if (data->out_buf == NULL) {
+               wpa_printf(MSG_ERROR, "SSL: out_buf NULL in %s", __func__);
+               return NULL;
+       }
  
         flags = version;
         send_len = wpabuf_len(data->out_buf) - data->out_used;
@@ -342,6 +346,8 @@ struct wpabuf * eap_server_tls_encrypt(struct eap_sm *sm,
         /* reserve some extra room for encryption overhead */
         buf_len = plain_len + 200;
         buf = wpabuf_alloc(buf_len);
+       if (buf == NULL)
+               return NULL;
         res = tls_connection_encrypt(sm->ssl_ctx, data->conn,
                                      plain, plain_len, wpabuf_put(buf, 0),
                                      buf_len);
author	Jouni Malinen <j@w1.fi>
	Thu, 5 Jun 2008 17:44:30 +0000 (20:44 +0300)
committer	Jouni Malinen <j@w1.fi>
	Thu, 5 Jun 2008 17:44:30 +0000 (20:44 +0300)