aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant
diff options
context:
space:
mode:
authorSabrina Dubroca <sd@queasysnail.net>2017-08-22 08:34:19 (GMT)
committerJouni Malinen <j@w1.fi>2017-09-10 19:23:25 (GMT)
commit7612e65b9bdfe03e5a018e3c897f4a3292c42ee4 (patch)
tree741cebda0cca7e1e374c795024b3317694c8bc4f /wpa_supplicant
parent2c66c7d115368f0875d89d7fbd25e9209ea3d915 (diff)
downloadhostap-7612e65b9bdfe03e5a018e3c897f4a3292c42ee4.zip
hostap-7612e65b9bdfe03e5a018e3c897f4a3292c42ee4.tar.gz
hostap-7612e65b9bdfe03e5a018e3c897f4a3292c42ee4.tar.bz2
mka: Add error handling for secy_init_macsec() calls
secy_init_macsec() can fail (if ->macsec_init fails), and ieee802_1x_kay_init() should handle this and not let MKA run any further, because nothing is going to work anyway. On failure, ieee802_1x_kay_init() must deinit its kay, which will free kay->ctx, so ieee802_1x_kay_init callers (only ieee802_1x_alloc_kay_sm) must not do it. Before this patch there is a double-free of the ctx argument when ieee802_1x_kay_deinit() was called. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Diffstat (limited to 'wpa_supplicant')
-rw-r--r--wpa_supplicant/wpas_kay.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/wpa_supplicant/wpas_kay.c b/wpa_supplicant/wpas_kay.c
index d087e00..587e5c3 100644
--- a/wpa_supplicant/wpas_kay.c
+++ b/wpa_supplicant/wpas_kay.c
@@ -235,10 +235,9 @@ int ieee802_1x_alloc_kay_sm(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
res = ieee802_1x_kay_init(kay_ctx, policy, ssid->macsec_port,
ssid->mka_priority, wpa_s->ifname,
wpa_s->own_addr);
- if (res == NULL) {
- os_free(kay_ctx);
+ /* ieee802_1x_kay_init() frees kay_ctx on failure */
+ if (res == NULL)
return -1;
- }
wpa_s->kay = res;