From: Rujun Wang <chinawrj@gmail.com>
Date: Mon, 25 Apr 2016 01:01:44 +0000 (+0800)
Subject: WPS: Fix segmentation fault in new DH key derivation
X-Git-Tag: hostap_2_6~507
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=46bac6520de66f6e22fad7ee8b7f4b5d80176758;p=thirdparty%2Fhostap.git

WPS: Fix segmentation fault in new DH key derivation

Commit 4104267e81b0a0acdb43f693a67f236b3237a719 ('Fix memory leak on NFC
DH generation error path') modified dh5_init() behavior in the
non-OpenSSL implementation to free the public key (if any was previously
set). However, this did not update one of the callers to make sure the
publ argument in the call is initialized. This could result in trying to
free invalid pointer and segmentation fault when hostapd or
wpa_supplicant was built against some other crypto library than OpenSSL.

Signed-off-by: Rujun Wang <chinawrj@gmail.com>
---

diff --git a/src/wps/wps_attr_build.c b/src/wps/wps_attr_build.c
index c3befc4f1..2efc27ec4 100644
--- a/src/wps/wps_attr_build.c
+++ b/src/wps/wps_attr_build.c
@@ -20,7 +20,7 @@
 
 int wps_build_public_key(struct wps_data *wps, struct wpabuf *msg)
 {
-	struct wpabuf *pubkey;
+	struct wpabuf *pubkey = NULL;
 
 	wpa_printf(MSG_DEBUG, "WPS:  * Public Key");
 	wpabuf_clear_free(wps->dh_privkey);