Make sure that EAP callbacks are not done if state machine has been removed
authorJouni Malinen <jouni@qca.qualcomm.com>
Fri, 12 Aug 2011 08:56:44 +0000 (11:56 +0300)
committerJouni Malinen <j@w1.fi>
Fri, 12 Aug 2011 08:56:44 +0000 (11:56 +0300)
It is possible to get a response for a pending EAP callback after the
EAP state machine has already completed its work or has timed out. For
those cases, make sure that the callback function is not delivered since
it could result in NULL pointer dereferences.

src/eapol_auth/eapol_auth_sm.c

index 4aa71ad0378ab7dee45fab86cb861627d5615764..e600954861a13e97c1a62d1ce01e2382145e5486 100644 (file)
@@ -1017,7 +1017,7 @@ static struct eapol_callbacks eapol_cb =
 
 int eapol_auth_eap_pending_cb(struct eapol_state_machine *sm, void *ctx)
 {
-       if (sm == NULL || ctx != sm->eap)
+       if (sm == NULL || ctx == NULL || ctx != sm->eap)
                return -1;
 
        eap_sm_pending_cb(sm->eap);
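Review bot: The added `ctx == NULL` term in the guard of eapol_auth_eap_pending_cb() has no comment, and its purpose is not obvious from the condition alone: without it a NULL ctx would compare equal to an `sm->eap` that is NULL and fall through to `eap_sm_pending_cb(sm->eap)`. I would add a comment above the check, e.g. `/* A NULL ctx must not match an sm whose EAP state machine is gone (sm->eap == NULL) */`. The guard is still a pointer-identity check that reads `sm->eap`, so it only holds if callers pass an `sm` that is still allocated; that is not visible in this hunk and is worth stating in the function's header comment. The function body continues past the end of the hunk.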