[PATCH 6/7] wpa_supplicant: fix null dereference in tls_verify_cb()

Ilan Peer ilan.peer at intel.com
Mon Feb 10 05:55:08 EST 2014


From: Eytan Lifshitz <eytan.lifshitz at intel.com>

In function tls_verify_cb(), X509_STORE_CTX_get_current_cert() may
return null, and it will be dereference by X509_get_subject_name().

Signed-hostap: Eytan Lifshitz <eytan.lifshitz at intel.com>
---
 src/crypto/tls_openssl.c |    3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index d025ae0..a13fa38 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1368,6 +1368,9 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
 	const char *err_str;
 
 	err_cert = X509_STORE_CTX_get_current_cert(x509_ctx);
+	if (!err_cert)
+		return 0;
+
 	err = X509_STORE_CTX_get_error(x509_ctx);
 	depth = X509_STORE_CTX_get_error_depth(x509_ctx);
 	ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
-- 
1.7.10.4



More information about the HostAP mailing list