diff options
| author | Michael Brown | 2015-09-29 02:24:36 +0200 |
|---|---|---|
| committer | Michael Brown | 2015-09-29 02:24:36 +0200 |
| commit | 0a4805bf943be5b573b0560ecfcc88ff9999fd95 (patch) | |
| tree | 69029e0e23b4e0cd9626c6ee8f0c52c49e48eb7f | |
| parent | [malloc] Avoid integer overflow for excessively large memory allocations (diff) | |
| download | ipxe-0a4805bf943be5b573b0560ecfcc88ff9999fd95.tar.gz ipxe-0a4805bf943be5b573b0560ecfcc88ff9999fd95.tar.xz ipxe-0a4805bf943be5b573b0560ecfcc88ff9999fd95.zip | |
[peerdist] Avoid NULL pointer dereference for plaintext blocks
Avoid accidentally dereferencing a NULL cipher context pointer for
plaintext blocks (which are usually messages with a block length of
zero, indicating a missing block).
Signed-off-by: Michael Brown <mcb30@ipxe.org>
| -rw-r--r-- | src/net/peerblk.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/src/net/peerblk.c b/src/net/peerblk.c index fd7ea0893..9fd52b736 100644 --- a/src/net/peerblk.c +++ b/src/net/peerblk.c @@ -700,17 +700,20 @@ static int peerblk_parse_header ( struct peerdist_block *peerblk ) { return -EPROTO; } - /* Allocate cipher context. Freeing the cipher context (on - * error or otherwise) is handled by peerblk_reset(). + /* Allocate cipher context, if applicable. Freeing the cipher + * context (on error or otherwise) is handled by peerblk_reset(). */ peerblk->cipher = cipher; assert ( peerblk->cipherctx == NULL ); - peerblk->cipherctx = malloc ( cipher->ctxsize ); - if ( ! peerblk->cipherctx ) - return -ENOMEM; + if ( cipher ) { + peerblk->cipherctx = malloc ( cipher->ctxsize ); + if ( ! peerblk->cipherctx ) + return -ENOMEM; + } - /* Initialise cipher */ - if ( ( rc = cipher_setkey ( cipher, peerblk->cipherctx, peerblk->secret, + /* Initialise cipher, if applicable */ + if ( cipher && + ( rc = cipher_setkey ( cipher, peerblk->cipherctx, peerblk->secret, keylen ) ) != 0 ) { DBGC ( peerblk, "PEERBLK %p %d.%d could not set key: %s\n", peerblk, peerblk->segment, peerblk->block, |