From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Wed, 11 Oct 2017 15:19:03 +0000 (+0300)
Subject: DPP: Fix static analyzer warnings in key generation and JWK construction
X-Git-Tag: hostap_2_7~1043
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=58efbcbcd457eddb3e5f6704e6f19d7327d09915;p=thirdparty%2Fhostap.git

DPP: Fix static analyzer warnings in key generation and JWK construction

Memory allocation failures could have resulted in error paths that
dereference a NULL pointer or double-freeing memory. Fix this by
explicitly clearing the freed pointer and checking allocation results.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---

diff --git a/src/common/dpp.c b/src/common/dpp.c
index 649464bce..79ac49a7d 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -1203,6 +1203,7 @@ char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
 
 	base64 = base64_encode(der, der_len, &len);
 	OPENSSL_free(der);
+	der = NULL;
 	if (!base64)
 		goto fail;
 	pos = (char *) base64;
@@ -2962,6 +2963,8 @@ static int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key,
 	x = (char *) base64_url_encode(pos, curve->prime_len, NULL, 0);
 	pos += curve->prime_len;
 	y = (char *) base64_url_encode(pos, curve->prime_len, NULL, 0);
+	if (!x || !y)
+		goto fail;
 
 	wpabuf_put_str(buf, "\"");
 	wpabuf_put_str(buf, name);
@@ -2977,13 +2980,11 @@ static int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key,
 	}
 	wpabuf_put_str(buf, "\"}");
 	ret = 0;
-out:
+fail:
 	wpabuf_free(pub);
 	os_free(x);
 	os_free(y);
 	return ret;
-fail:
-	goto out;
 }