From 607bcf61a4d8e202fdf8e2aefdd7f72eca12f2a5 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 4 Dec 2011 16:59:16 +0200
Subject: Check nt_password_hash() return code

While this is unlikely to fail in practice, better be more consistent
in validating nt_password_hash() result.

Signed-hostap: Jouni Malinen <j@w1.fi>
---
 src/eap_server/eap_server_mschapv2.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'src/eap_server/eap_server_mschapv2.c')

diff --git a/src/eap_server/eap_server_mschapv2.c b/src/eap_server/eap_server_mschapv2.c
index 64120a4..f5ee7f4 100644
--- a/src/eap_server/eap_server_mschapv2.c
+++ b/src/eap_server/eap_server_mschapv2.c
@@ -405,9 +405,12 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
 		if (sm->user->password_hash) {
 			pw_hash = sm->user->password;
 		} else {
-			nt_password_hash(sm->user->password,
-					 sm->user->password_len,
-					 pw_hash_buf);
+			if (nt_password_hash(sm->user->password,
+					     sm->user->password_len,
+					     pw_hash_buf) < 0) {
+				data->state = FAILURE;
+				return;
+			}
 			pw_hash = pw_hash_buf;
 		}
 		generate_authenticator_response_pwhash(
-- 
cgit v1.1