The NFC connection handover specific case of WPS public key generation
did not verify whether the two wpabuf_dup() calls succeed. Those may
return NULL due to an allocation failure and that would result in a NULL
pointer dereference in dh5_init_fixed().
Fix this by checking memory allocation results explicitly. If either of
the allocations fail, do not try to initialize wps->dh_ctx and instead,
report the failure through the existing error case handler below.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org
}
wps->dh_privkey = wpabuf_dup(wps->wps->ap_nfc_dh_privkey);
pubkey = wpabuf_dup(wps->wps->ap_nfc_dh_pubkey);
- wps->dh_ctx = dh5_init_fixed(wps->dh_privkey, pubkey);
+ if (wps->dh_privkey && pubkey)
+ wps->dh_ctx = dh5_init_fixed(wps->dh_privkey, pubkey);
#endif /* CONFIG_WPS_NFC */
} else {
wpa_printf(MSG_DEBUG, "WPS: Generate new DH keys");