From 02289ab537e94d47f01156b672c697ce78cdbab0 Mon Sep 17 00:00:00 2001 From: Disha Das Date: Tue, 27 Oct 2020 13:09:31 +0530 Subject: [PATCH] DPP2: Explicitly check EC_KEY before dereferencing it In theory, the EVP_PKEY_get0_EC_KEY() could fail, so verify that it succeeds before using the pointer to get the group. Fixes: 65e94351dc4a ("DPP2: Reconfig Authentication Request processing and Response generation") Signed-off-by: Disha Das --- src/common/dpp_crypto.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c index 7c4801531..37c2b692b 100644 --- a/src/common/dpp_crypto.c +++ b/src/common/dpp_crypto.c @@ -2305,13 +2305,15 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth, /* M = { cR + pR } * CI */ cR = EVP_PKEY_get0_EC_KEY(own_key); pR = EVP_PKEY_get0_EC_KEY(auth->own_protocol_key); + if (!pR) + goto fail; group = EC_KEY_get0_group(pR); bnctx = BN_CTX_new(); sum = BN_new(); mx = BN_new(); q = BN_new(); m = EC_POINT_new(group); - if (!cR || !pR || !bnctx || !sum || !mx || !q || !m) + if (!cR || !bnctx || !sum || !mx || !q || !m) goto fail; cR_bn = EC_KEY_get0_private_key(cR); pR_bn = EC_KEY_get0_private_key(pR);