From 2c3d95c7e050b99bec303026369ebaafc5aab5f2 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Mon, 16 May 2016 20:08:53 +0300 Subject: [PATCH] Check md5_vector() result in decrypt_ms_key() This gets rid of a valgrind warning on uninitialized memory read in the hostapd_oom_wpa2_eap_connect test case where the result is used after failed md5_vector() call. Signed-off-by: Jouni Malinen --- src/radius/radius.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/radius/radius.c b/src/radius/radius.c index 67cb92fac..defcd9274 100644 --- a/src/radius/radius.c +++ b/src/radius/radius.c @@ -1018,7 +1018,10 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len, addr[1] = pos - MD5_MAC_LEN; elen[1] = MD5_MAC_LEN; } - md5_vector(first ? 3 : 2, addr, elen, hash); + if (md5_vector(first ? 3 : 2, addr, elen, hash) < 0) { + os_free(plain); + return NULL; + } first = 0; for (i = 0; i < MD5_MAC_LEN; i++)