authorJouni Malinen <j@w1.fi>2017-03-05 14:16:42 (GMT)
committerJouni Malinen <j@w1.fi>2017-03-05 14:18:57 (GMT)
commitde01f254a61a4432ba89f3a5dc950d8678021d44 (patch)
tree4fa36f076c585fa6d2aa58866cf2f8f5efd069a4 /src
parenta47f214e3f6a20b0afa5cd746632de000f8677b8 (diff)
RADIUS server: Fix error paths in new session creation
radius_server_session_free() does not remove the session from the session list, so these radius_server_get_new_session() error paths ended up leaving a pointer to freed memory in the session list. This resulted in subsequent operations failing due to use of freed memory. Fix this by using radius_server_session_remove(), which removes the entry from the list in addition to calling radius_server_session_free().

Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src')
-rw-r--r--src/radius/radius_server.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index e8bef45..6cce2ff 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -662,14 +662,14 @@ radius_server_get_new_session(struct radius_server_data *data,
sess->username = os_malloc(user_len * 4 + 1);
if (sess->username == NULL) {
- radius_server_session_free(data, sess);
+ radius_server_session_remove(data, sess);
return NULL;
}
printf_encode(sess->username, user_len * 4 + 1, user, user_len);
sess->nas_ip = os_strdup(from_addr);
if (sess->nas_ip == NULL) {
- radius_server_session_free(data, sess);
+ radius_server_session_remove(data, sess);
return NULL;
}
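Review bot: The same unlink-and-free cleanup is now repeated in three separate error paths (the os_malloc() and os_strdup() failures here and the `sess->eap == NULL` path in the second hunk), and the commit message shows that picking the wrong cleanup call in such a path is exactly what left freed memory reachable from the session list. Routing every failure that occurs after the session is linked through a single label, i.e. `goto fail;` at each site and `fail: radius_server_session_remove(data, sess); return NULL;` at the end, would keep a future error path from reintroducing the dangling entry. A one-line comment on radius_server_session_free() would also help, for example `/* Does not unlink sess from the session list; use radius_server_session_remove() for sessions that are already linked. */`. radius_server_get_new_session() starts and ends outside these hunks, so the label placement needs to be checked against the full function.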
@@ -702,7 +702,7 @@ radius_server_get_new_session(struct radius_server_data *data,
if (sess->eap == NULL) {
RADIUS_DEBUG("Failed to initialize EAP state machine for the "
"new session");
- radius_server_session_free(data, sess);
+ radius_server_session_remove(data, sess);
return NULL;
}
sess->eap_if = eap_get_interface(sess->eap);