diff options
| author | Jouni Malinen <jouni@qca.qualcomm.com> | 2015-08-17 23:06:02 +0000 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2015-10-09 11:19:34 -0700 |
| commit | 4f41a26403f9726fdb388ed0e58695c38931a96b (patch) | |
| tree | a6aa6618ee459460881b4bc74a4173411e426244 /src | |
| parent | d38ac1e31cd8cbbc2d00170761b32dcd3bd4eab7 (diff) | |
| download | android_external_wpa_supplicant_8-4f41a26403f9726fdb388ed0e58695c38931a96b.tar.gz android_external_wpa_supplicant_8-4f41a26403f9726fdb388ed0e58695c38931a96b.tar.bz2 android_external_wpa_supplicant_8-4f41a26403f9726fdb388ed0e58695c38931a96b.zip | |
BoringSSL: Fix PKCS12_parse() segfault when used without password
Unlike OpenSSL PKCS12_parse(), the BoringSSL version seems to require
the password pointer to be non-NULL even if no password is present. Map
passwrd == NULL to passwd = "" to avoid a NULL pointer dereference
within BoringSSL.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Git-commit: c07e7b43e91f8058b38e5534a53302f69d037dc8
Git-repo : git://w1.fi/srv/git/hostap.git
Change-Id: I37b2e1a04877ec7a2b2c3d3473ac5f9c92041cca
CRs-fixed: 915372
Diffstat (limited to 'src')
| -rw-r--r-- | src/crypto/tls_openssl.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index 0f923c0b..844ff8e1 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -2084,6 +2084,8 @@ static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12, pkey = NULL; cert = NULL; certs = NULL; + if (!passwd) + passwd = ""; if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) { tls_show_errors(MSG_DEBUG, __func__, "Failed to parse PKCS12 file"); |