eap-mschapv2: Check Password-Hash exists when loading settings

Caught by static analysis, the Password-Hash was never validated so it could end up memcpying from a NULL pointer.
2025-10-31 13:17:25 +01:00 · 2024-03-01 11:40:54 -08:00 · 2024-03-01 11:40:54 -08:00 · eb3345b51b
commit eb3345b51b
parent 795f57e816
1 changed files with 3 additions and 0 deletions
--- a/src/eap-mschapv2.c
+++ b/src/eap-mschapv2.c
@ -531,6 +531,9 @@ static bool eap_mschapv2_load_settings(struct eap_state *eap,
 		snprintf(setting, sizeof(setting), "%sPassword-Hash", prefix);
 		hash = l_settings_get_bytes(settings, "Security", setting,
 						&hash_len);
+		if (!hash)
+			goto error;
+
 		memcpy(state->password_hash, hash, 16);
 		explicit_bzero(hash, 16);
 		l_free(hash);