EAP-pwd peer: Fix error path for unexpected Confirm message
If the Confirm message is received from the server before the Identity
exchange has been completed, the group has not yet been determined and
data->grp is NULL. The error path in eap_pwd_perform_confirm_exchange()
did not take this corner case into account and could end up
dereferencing a NULL pointer and terminating the process if invalid
message sequence is received. (CVE-2015-5316)
Bug: 25510817
Change-Id: Ied4eda9070f03dddbed476e153d5bf067d16b2cd
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
1 file changed