Possible bug EAP-PWD

Jouni Malinen j at w1.fi
Sun May 11 11:43:14 EDT 2014


On Sat, May 10, 2014 at 11:59:53PM +0100, Sergio NNX wrote:
> I'd like to report a runtime exception while testing EAP-PWD using eapol_test utility.

Thanks for reporting this!

> EAP-pwd: processing frame: exch 1, len 15
> EAP-PWD (peer): using group 0
> EAP-pwd: unsupported group 0
> EAP-PWD (peer): unable to compute PWE
> EAP-PWD: PWD-ID-Req -> FAILURE

> Program received signal SIGSEGV, Segmentation fault.
> 0x0052149c in EC_GROUP_free ()
> (gdb) bt
> #0  0x0052149c in EC_GROUP_free ()
> #1  0x0045922b in eap_pwd_deinit ()

It looks like the unsupported group case was not handled properly and
deinit code ended up trying to free a pointer from uninitialized memory
in this case. This commit fixes the issue:
http://w1.fi/cgit/hostap/commit/?h=pending&id=c2fdb43ee37066946e61af2f1a737c46f2d23184

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list