[PATCH 6/7] wpa_supplicant: fix null dereference in tls_verify_cb()
Ilan Peer
ilan.peer
Mon Feb 10 02:55:08 PST 2014
From: Eytan Lifshitz <eytan.lifshitz at intel.com>
In function tls_verify_cb(), X509_STORE_CTX_get_current_cert() may
return null, and it will be dereference by X509_get_subject_name().
Signed-hostap: Eytan Lifshitz <eytan.lifshitz at intel.com>
---
src/crypto/tls_openssl.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index d025ae0..a13fa38 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1368,6 +1368,9 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
const char *err_str;
err_cert = X509_STORE_CTX_get_current_cert(x509_ctx);
+ if (!err_cert)
+ return 0;
+
err = X509_STORE_CTX_get_error(x509_ctx);
depth = X509_STORE_CTX_get_error_depth(x509_ctx);
ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
--
1.7.10.4
More information about the Hostap
mailing list