mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-17 18:34:03 -05:00
wpa_supplicant: Fix memory leaks in ieee802_1x_create_preshared_mka()
In case MKA is initialized successfully, local copies of CAK and CKN
were allocated, but never freed. Ensure that such memory is released
also when ieee802_1x_kay_create_mka() returns a valid pointer.
Fixes: ad51731abf
("wpa_supplicant: Allow pre-shared (CAK,CKN) pair for MKA")
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
This commit is contained in:
parent
3a52f6b387
commit
22151b111b
@ -392,25 +392,25 @@ void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
|
|||||||
{
|
{
|
||||||
struct mka_key *cak;
|
struct mka_key *cak;
|
||||||
struct mka_key_name *ckn;
|
struct mka_key_name *ckn;
|
||||||
void *res;
|
void *res = NULL;
|
||||||
|
|
||||||
if ((ssid->mka_psk_set & MKA_PSK_SET) != MKA_PSK_SET)
|
if ((ssid->mka_psk_set & MKA_PSK_SET) != MKA_PSK_SET)
|
||||||
return NULL;
|
goto end;
|
||||||
|
|
||||||
if (ieee802_1x_alloc_kay_sm(wpa_s, ssid) < 0)
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
if (!wpa_s->kay || wpa_s->kay->policy == DO_NOT_SECURE)
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
ckn = os_zalloc(sizeof(*ckn));
|
ckn = os_zalloc(sizeof(*ckn));
|
||||||
if (!ckn)
|
if (!ckn)
|
||||||
goto dealloc;
|
goto end;
|
||||||
|
|
||||||
cak = os_zalloc(sizeof(*cak));
|
cak = os_zalloc(sizeof(*cak));
|
||||||
if (!cak)
|
if (!cak)
|
||||||
goto free_ckn;
|
goto free_ckn;
|
||||||
|
|
||||||
|
if (ieee802_1x_alloc_kay_sm(wpa_s, ssid) < 0 || !wpa_s->kay)
|
||||||
|
goto free_cak;
|
||||||
|
|
||||||
|
if (wpa_s->kay->policy == DO_NOT_SECURE)
|
||||||
|
goto dealloc;
|
||||||
|
|
||||||
cak->len = MACSEC_CAK_LEN;
|
cak->len = MACSEC_CAK_LEN;
|
||||||
os_memcpy(cak->key, ssid->mka_cak, cak->len);
|
os_memcpy(cak->key, ssid->mka_cak, cak->len);
|
||||||
|
|
||||||
@ -419,17 +419,15 @@ void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
|
|||||||
|
|
||||||
res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0, PSK, FALSE);
|
res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0, PSK, FALSE);
|
||||||
if (res)
|
if (res)
|
||||||
return res;
|
goto free_cak;
|
||||||
|
|
||||||
|
dealloc:
|
||||||
/* Failed to create MKA */
|
/* Failed to create MKA */
|
||||||
|
ieee802_1x_dealloc_kay_sm(wpa_s);
|
||||||
|
free_cak:
|
||||||
os_free(cak);
|
os_free(cak);
|
||||||
|
|
||||||
/* fallthrough */
|
|
||||||
|
|
||||||
free_ckn:
|
free_ckn:
|
||||||
os_free(ckn);
|
os_free(ckn);
|
||||||
dealloc:
|
end:
|
||||||
ieee802_1x_dealloc_kay_sm(wpa_s);
|
return res;
|
||||||
|
|
||||||
return NULL;
|
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user