aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <jouni@codeaurora.org>2019-04-16 22:28:31 (GMT)
committerJouni Malinen <j@w1.fi>2019-04-16 22:48:40 (GMT)
commita9d224f560be8a7761c00681d48da4bd0b57225b (patch)
tree9d1b13673e906cb0b95e8dfc5a55e98aea518990
parent0a9ff3810b7655af55053c33f64db3813a32d4a7 (diff)
downloadhostap-a9d224f560be8a7761c00681d48da4bd0b57225b.zip
hostap-a9d224f560be8a7761c00681d48da4bd0b57225b.tar.gz
hostap-a9d224f560be8a7761c00681d48da4bd0b57225b.tar.bz2
EAP-pwd server: Fix a memory leak on error path
eap_pwd_h_final() needs to be called to free the value from eap_pwd_h_init() even in error cases. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-rw-r--r--src/eap_server/eap_server_pwd.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
index 81ecd77..11bef55 100644
--- a/src/eap_server/eap_server_pwd.c
+++ b/src/eap_server/eap_server_pwd.c
@@ -311,7 +311,7 @@ fin:
static void eap_pwd_build_confirm_req(struct eap_sm *sm,
struct eap_pwd_data *data, u8 id)
{
- struct crypto_hash *hash;
+ struct crypto_hash *hash = NULL;
u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr;
u16 grp;
size_t prime_len, order_len;
@@ -392,6 +392,7 @@ static void eap_pwd_build_confirm_req(struct eap_sm *sm,
/* all done with the random function */
eap_pwd_h_final(hash, conf);
+ hash = NULL;
os_memcpy(data->my_confirm, conf, SHA256_MAC_LEN);
data->outbuf = wpabuf_alloc(SHA256_MAC_LEN);
@@ -404,6 +405,7 @@ fin:
bin_clear_free(cruft, prime_len * 2);
if (data->outbuf == NULL)
eap_pwd_state(data, FAILURE);
+ eap_pwd_h_final(hash, NULL);
}
@@ -742,7 +744,7 @@ static void
eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
const u8 *payload, size_t payload_len)
{
- struct crypto_hash *hash;
+ struct crypto_hash *hash = NULL;
u32 cs;
u16 grp;
u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr;
@@ -817,6 +819,7 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
/* all done */
eap_pwd_h_final(hash, conf);
+ hash = NULL;
ptr = (u8 *) payload;
if (os_memcmp_const(conf, ptr, SHA256_MAC_LEN)) {
@@ -836,6 +839,7 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
fin:
bin_clear_free(cruft, prime_len * 2);
+ eap_pwd_h_final(hash, NULL);
}