It was possible to hit a NULL pointer dereference if Session-Id derivation failed due to a memory allocation failure. Signed-off-by: Jouni Malinen <j@w1.fi>
@@ -1721,7 +1721,7 @@ static u8 * eap_fast_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
struct eap_fast_data *data = priv;
u8 *id;
- if (!data->success)
+ if (!data->success || !data->session_id)
return NULL;
id = os_malloc(data->id_len);