authorMasashi Honma <masashi.honma@gmail.com>2019-03-03 00:52:22 (GMT)
committerJouni Malinen <j@w1.fi>2019-03-08 14:59:27 (GMT)
commit1e653daa31d42bb1ce9f27b9acfc4d3ac46d8fb5 (patch)
tree18cd4e5ebdabe42fa33e979c86aa29025d1ec4c5 /src/radius
parent9ebbdd0aa3c01a2e8f2d438fc3ad5984801a0a0b (diff)
EAP-pwd server: Fix memory leak with salted passwords
The struct hostapd_eap_user changes with a newly allocated variable were not covered in the RADIUS server code. Fix this by using eap_user_free() instead of a custom memory freeing operation in radius_server.c.

The hwsim tests with salted password (ap_wpa2_eap_pwd_salt_sha1, ap_wpa2_eap_pwd_salt_sha256, ap_wpa2_eap_pwd_salt_sha512) triggered these memory leaks.

Fixes: d52ead3db7b2 ("EAP-pwd server: Add support for salted password databases")
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Diffstat (limited to 'src/radius')
-rw-r--r--src/radius/radius_server.c16
1 files changed, 10 insertions, 6 deletions
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index 1c15c2c..095144d 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -686,7 +686,7 @@ radius_server_get_new_session(struct radius_server_data *data,
int res;
struct radius_session *sess;
struct eap_config eap_conf;
- struct eap_user tmp;
+ struct eap_user *tmp;
RADIUS_DEBUG("Creating a new session");
@@ -697,12 +697,14 @@ radius_server_get_new_session(struct radius_server_data *data,
}
RADIUS_DUMP_ASCII("User-Name", user, user_len);
- os_memset(&tmp, 0, sizeof(tmp));
- res = data->get_eap_user(data->conf_ctx, user, user_len, 0, &tmp);
- bin_clear_free(tmp.password, tmp.password_len);
+ tmp = os_zalloc(sizeof(*tmp));
+ if (!tmp)
+ return NULL;
+ res = data->get_eap_user(data->conf_ctx, user, user_len, 0, tmp);
if (res != 0) {
RADIUS_DEBUG("User-Name not found from user database");
+ eap_user_free(tmp);
return NULL;
}
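Review bot: The looked-up credentials now stay on the heap until each exit path frees them, whereas the removed code cleared `tmp.password` immediately after `get_eap_user()` returned. Only `accept_attr` and `macacl` are read afterwards, so both could be copied into locals and the struct released once, directly after the lookup: `accept_attr = tmp->accept_attr; macacl = tmp->macacl; eap_user_free(tmp);`. Assuming eap_user_free() clears the password and salt, as the commit message implies, that keeps the secret material's lifetime as short as before. It also removes the per-path `eap_user_free(tmp)` calls here and in the following hunk, so an early return added later cannot reintroduce the leak. The function body starts and ends outside this hunk.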
@@ -710,10 +712,12 @@ radius_server_get_new_session(struct radius_server_data *data,
sess = radius_server_new_session(data, client);
if (sess == NULL) {
RADIUS_DEBUG("Failed to create a new session");
+ eap_user_free(tmp);
return NULL;
}
- sess->accept_attr = tmp.accept_attr;
- sess->macacl = tmp.macacl;
+ sess->accept_attr = tmp->accept_attr;
+ sess->macacl = tmp->macacl;
+ eap_user_free(tmp);
sess->username = os_malloc(user_len * 4 + 1);
if (sess->username == NULL) {
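Review bot: `sess->accept_attr` keeps a pointer copied out of `tmp` after `eap_user_free(tmp)` has run, so the session depends on eap_user_free() not releasing what `accept_attr` points to. That ownership is not visible in this diff. If the attribute list belongs to the user database rather than to the lookup result, a comment above the assignment would record it, for example `/* accept_attr is borrowed from the user database; eap_user_free() does not release it */`. Should ownership ever move into struct eap_user, this assignment becomes a use-after-free, so the assumption is worth stating where the pointer is copied. The function continues past the end of the hunk.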