DPP: Fix error path processing in decryption of E-id

If any of the operations on a successfully allocated e_id fails
dpp_decrypt_e_id() freed e_id, but forgot to clear the pointer that gets
returned to the caller. This could result in at least a theoretical use
of freed memory. Fix this by clearing the pointer to return an
appropriate indication of the failed operation.

Signed-off-by: Burvin Shi <burvin@amazon.com>

diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c
index f17f95a2ca34c4b38d782a693b2cb12e8b7664c4..4b5f24378e7b9433b95b0b004c3e2d553e6fe5c6 100644 (file)
--- a/src/common/dpp_crypto.c
+++ b/src/common/dpp_crypto.c
@@ -2371,6 +2371,7 @@ struct crypto_ec_point * dpp_decrypt_e_id(struct crypto_ec_key *ppkey,
            crypto_ec_point_invert(ec, e_id) ||
            crypto_ec_point_add(ec, e_id, e_prime_id_point, e_id)) {
                crypto_ec_point_deinit(e_id, 1);
+               e_id = NULL;
                goto fail;
        }