DPP: Fix static analyzer warnings in key generation and JWK construction

Memory allocation failures could have resulted in error paths that
dereference a NULL pointer or double-freeing memory. Fix this by
explicitly clearing the freed pointer and checking allocation results.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/common/dpp.c b/src/common/dpp.c
index 649464bcea2847d352d8a6b7fc6bd2f336b5e67d..79ac49a7d0ca726bb487f77a439138e988455522 100644 (file)
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -1203,6 +1203,7 @@ char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
 
        base64 = base64_encode(der, der_len, &len);
        OPENSSL_free(der);
+       der = NULL;
        if (!base64)
                goto fail;
        pos = (char *) base64;
@@ -2962,6 +2963,8 @@ static int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key,
        x = (char *) base64_url_encode(pos, curve->prime_len, NULL, 0);
        pos += curve->prime_len;
        y = (char *) base64_url_encode(pos, curve->prime_len, NULL, 0);
+       if (!x || !y)
+               goto fail;
 
        wpabuf_put_str(buf, "\"");
        wpabuf_put_str(buf, name);
@@ -2977,13 +2980,11 @@ static int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key,
        }
        wpabuf_put_str(buf, "\"}");
        ret = 0;
-out:
+fail:
        wpabuf_free(pub);
        os_free(x);
        os_free(y);
        return ret;
-fail:
-       goto out;
 }