From: Jouni Malinen <j@w1.fi>
Date: Fri, 12 Feb 2010 18:51:10 +0000 (+0200)
Subject: OpenSSL: Fix tls_init(NULL) with FIPS-enabled build
X-Git-Tag: hostap_0_7_2~202
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cf123d7f4ca69b267e4c0225d31191f95b771012;p=thirdparty%2Fhostap.git

OpenSSL: Fix tls_init(NULL) with FIPS-enabled build

The conf argument to tls_init() may be NULL (as it is when using
hostapd), so we must check that here before dereferencing the
pointer.
---

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 1c0025227..76b23a661 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -667,7 +667,7 @@ void * tls_init(const struct tls_config *conf)
 	if (tls_openssl_ref_count == 0) {
 #ifdef CONFIG_FIPS
 #ifdef OPENSSL_FIPS
-		if (conf->fips_mode) {
+		if (conf && conf->fips_mode) {
 			if (!FIPS_mode_set(1)) {
 				wpa_printf(MSG_ERROR, "Failed to enable FIPS "
 					   "mode");
@@ -678,7 +678,7 @@ void * tls_init(const struct tls_config *conf)
 				wpa_printf(MSG_INFO, "Running in FIPS mode");
 		}
 #else /* OPENSSL_FIPS */
-		if (conf->fips_mode) {
+		if (conf && conf->fips_mode) {
 			wpa_printf(MSG_ERROR, "FIPS mode requested, but not "
 				   "supported");
 			return NULL;