commit 96be6222df414a7dde5c5b1b72df22e67b1a77fc
author Dmitry Shmidt <dimitrysh@google.com> Thu Feb 13 10:16:51 2014 -0800
committer Dmitry Shmidt <dimitrysh@google.com> Thu Feb 13 10:16:51 2014 -0800
tree 648fd806c97295bf193c6e82d1807d002f72ab58
parent 5da5e3500763805fe6086d650040e8ddb371c165

Cumulative patch from commit 7ae7a84eefd43ed9385e2f8f520a918468f87178

7ae7a84 NFC: Workaround nfcpy message debug exception
6ceb95c Avoid NULL dereference in ieee802_1x_get_mib_sta() printf
97efe70 wpa_supplicant: Fix NULL dereference in tls_verify_cb()
c0c11af wpa_supplicant: Fix NULL dereference in eap_fast_parse_end()
93a1cae Remove unnecessary NULL check
1e2ffc6 Fix theoretical NULL dereference in debug printf
cbf21c7 P2P: Avoid compiler warning in p2p_supplicant.c
5479ff9 DFS: Avoid compiler warnings in src/ap/dfs.c
5e6aa04 wpa_supplicant: Fix memory leak in wfd_subelems error path
88853ae Fix CONFIG_WPS_NFC=y build without CONFIG_P2P=y
7ac7fd4 Add bssid/freq hint for driver-based BSS selection
92484e2 Start using unodified Developer Certificate of Origin v1.1
56ec49c Sync with wireless-testing.git include/uapi/linux/nl80211.h
b64afe2 Fix SAE state validation on AP
d6bfaaa NFC: Add summary and success file options for nfcpy scripts
25cfc6f P2P NFC: Add p2p-nfc.py --handover-only option
7bea076 P2P NFC: Clean up p2p-nfc.py error handling
b0d18bc WPS: Make UUID-from-MAC Address easily available
825fb6b P2P: Do not indicate P2P_FIND failure if p2p_scan is in progress
8c18fcc WPS: Add more debug information to M7 AP Settings
d7a15d5 WPS: Indicate current AP settings in M7 in unconfigurated state
d55fc03 P2P: Handle unexpected GO Neg Req reject message more cleanly
062a7c0 Fix persistent P2P connection failure in case channel list changes

Change-Id: I5c400a6503f9f00d259ff225999593958322a1ba
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

src/common/sae.c

diff --git a/src/common/sae.c b/src/common/sae.c
index 08bf054..674cb65 100644
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -503,6 +503,8 @@
 		       const u8 *password, size_t password_len,
 		       struct sae_data *sae)
 {
+	if (sae->tmp == NULL)
+		return -1;
 	if (sae->tmp->ec && sae_derive_pwe_ecc(sae, addr1, addr2, password,
 					  password_len) < 0)
 		return -1;
@@ -634,7 +636,8 @@
 int sae_process_commit(struct sae_data *sae)
 {
 	u8 k[SAE_MAX_PRIME_LEN];
-	if ((sae->tmp->ec && sae_derive_k_ecc(sae, k) < 0) ||
+	if (sae->tmp == NULL ||
+	    (sae->tmp->ec && sae_derive_k_ecc(sae, k) < 0) ||
 	    (sae->tmp->dh && sae_derive_k_ffc(sae, k) < 0) ||
 	    sae_derive_keys(sae, k) < 0)
 		return -1;
@@ -646,6 +649,10 @@
 		      const struct wpabuf *token)
 {
 	u8 *pos;
+
+	if (sae->tmp == NULL)
+		return;
+
 	wpabuf_put_le16(buf, sae->group); /* Finite Cyclic Group */
 	if (token)
 		wpabuf_put_buf(buf, token);
@@ -990,6 +997,9 @@
 {
 	const u8 *sc;
 
+	if (sae->tmp == NULL)
+		return;
+
 	/* Send-Confirm */
 	sc = wpabuf_put(buf, 0);
 	wpabuf_put_le16(buf, sae->send_confirm);
@@ -1021,6 +1031,11 @@
 
 	wpa_printf(MSG_DEBUG, "SAE: peer-send-confirm %u", WPA_GET_LE16(data));
 
+	if (sae->tmp == NULL) {
+		wpa_printf(MSG_DEBUG, "SAE: Temporary data not yet available");
+		return -1;
+	}
+
 	if (sae->tmp->ec)
 		sae_cn_confirm_ecc(sae, data, sae->peer_commit_scalar,
 				   sae->tmp->peer_commit_element_ecc,