From: Disha Das <dishad@codeaurora.org>
Date: Tue, 27 Oct 2020 07:39:31 +0000 (+0530)
Subject: DPP2: Explicitly check EC_KEY before dereferencing it
X-Git-Tag: hostap_2_10~795
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=02289ab537e94d47f01156b672c697ce78cdbab0;p=thirdparty%2Fhostap.git

DPP2: Explicitly check EC_KEY before dereferencing it

In theory, the EVP_PKEY_get0_EC_KEY() could fail, so verify that it
succeeds before using the pointer to get the group.

Fixes: 65e94351dc4a ("DPP2: Reconfig Authentication Request processing and Response generation")
Signed-off-by: Disha Das <dishad@codeaurora.org>
---

diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c
index 7c4801531..37c2b692b 100644
--- a/src/common/dpp_crypto.c
+++ b/src/common/dpp_crypto.c
@@ -2305,13 +2305,15 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
 	/* M = { cR + pR } * CI */
 	cR = EVP_PKEY_get0_EC_KEY(own_key);
 	pR = EVP_PKEY_get0_EC_KEY(auth->own_protocol_key);
+	if (!pR)
+		goto fail;
 	group = EC_KEY_get0_group(pR);
 	bnctx = BN_CTX_new();
 	sum = BN_new();
 	mx = BN_new();
 	q = BN_new();
 	m = EC_POINT_new(group);
-	if (!cR || !pR || !bnctx || !sum || !mx || !q || !m)
+	if (!cR || !bnctx || !sum || !mx || !q || !m)
 		goto fail;
 	cR_bn = EC_KEY_get0_private_key(cR);
 	pR_bn = EC_KEY_get0_private_key(pR);