|
|
@@ -1166,6 +1166,8 @@ int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len)
|
|
|
|
|
|
/* RRB - Forward action frame to the target AP */
|
|
|
frame = os_malloc(sizeof(*frame) + len);
|
|
|
+ if (frame == NULL)
|
|
|
+ return -1;
|
|
|
frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
|
|
|
frame->packet_type = FT_PACKET_REQUEST;
|
|
|
frame->action_length = host_to_le16(len);
|
|
|
@@ -1216,6 +1218,8 @@ static int wpa_ft_rrb_rx_request(struct wpa_authenticator *wpa_auth,
|
|
|
rlen = 2 + 2 * ETH_ALEN + 2 + resp_ies_len;
|
|
|
|
|
|
frame = os_malloc(sizeof(*frame) + rlen);
|
|
|
+ if (frame == NULL)
|
|
|
+ return -1;
|
|
|
frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
|
|
|
frame->packet_type = FT_PACKET_RESPONSE;
|
|
|
frame->action_length = host_to_le16(rlen);
|
Jouni Malinen