
DPP: Fix static analyzer warnings in key generation and JWK construction

Memory allocation failures could have resulted in error paths that
dereference a NULL pointer or double-free memory. Fix this by
explicitly clearing the freed pointer and checking allocation results.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 7 years ago
commit
58efbcbcd4
1 changed files with 4 additions and 3 deletions
  1. 4 3
      src/common/dpp.c

+ 4 - 3
src/common/dpp.c

@@ -1203,6 +1203,7 @@ char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
 
 	base64 = base64_encode(der, der_len, &len);
 	OPENSSL_free(der);
+	der = NULL;
 	if (!base64)
 		goto fail;
 	pos = (char *) base64;
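Review bot: The added `der = NULL;` in dpp_keygen has no visible reason at this point, because the label that `goto fail` jumps to lies outside the hunk. Presumably that path calls OPENSSL_free(der) again, which would be a double free without the reset. A short comment would keep a later cleanup from deleting the assignment as dead code, for example `/* fail: releases der again; clear it to avoid a double free */`.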
@@ -2962,6 +2963,8 @@ static int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key,
 	x = (char *) base64_url_encode(pos, curve->prime_len, NULL, 0);
 	pos += curve->prime_len;
 	y = (char *) base64_url_encode(pos, curve->prime_len, NULL, 0);
+	if (!x || !y)
+		goto fail;
 
 	wpabuf_put_str(buf, "\"");
 	wpabuf_put_str(buf, name);
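Review bot: The two base64_url_encode() calls together read 2 * curve->prime_len bytes starting at `pos`, and the hunk shows no check that the source buffer is that long. If `pos` points into `pub` (the wpabuf freed at the end of the function) and its length is not already verified above the hunk, a guard such as `if (wpabuf_len(pub) != 2 * curve->prime_len) goto fail;` before the first encode would turn a key/curve mismatch into a clean error rather than an out-of-bounds read. The new `!x || !y` check itself is sound, since the cleanup frees both pointers. dpp_build_jwk starts and ends outside this hunk.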
@@ -2977,13 +2980,11 @@ static int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key,
 	}
 	wpabuf_put_str(buf, "\"}");
 	ret = 0;
-out:
+fail:
 	wpabuf_free(pub);
 	os_free(x);
 	os_free(y);
 	return ret;
-fail:
-	goto out;
 }
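Review bot: After this change the `fail:` label is also the normal exit of dpp_build_jwk, because `ret = 0;` falls straight through into it, so the name no longer matches what the code does. Either give the shared cleanup a neutral name or mark it, e.g. `fail: /* also reached on success; ret tells the two apart */`. The cleanup is only safe if `pub`, `x` and `y` start as NULL and `ret` starts as a failure value for the `goto fail` sites that run before they are assigned. Those declarations are outside the hunk and worth confirming.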