Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-01-29 08:14:02 -05:00
Code Issues Projects Releases Wiki Activity

EAP-pwd peer: Fix memory leak in eap_pwd_perform_confirm_exchange()

Browse Source 
hash variable is allocated memory using eap_pwd_h_init(), but there are
couple of error case code paths which skips deallocation of hash. The
memory of hash is deallocated using eap_pwd_h_final(). Fix this by
calling eap_pwd_h_final() at the end of the function if execution got
there through one of those error cases.

Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
This commit is contained in:
Nishant Chaprana 2018-08-21 17:07:51 +05:30 committed by Jouni Malinen
parent 30a67736dc
commit 391d922bcf
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/eap_peer/eap_pwd.c
View File

@ -696,7 +696,7 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
const struct wpabuf *reqData,
const u8 *payload, size_t payload_len)
{
struct crypto_hash *hash;
struct crypto_hash *hash = NULL;
u32 cs;
u16 grp;
u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr;
@ -783,6 +783,7 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
/* random function fin */
eap_pwd_h_final(hash, conf);
hash = NULL;
ptr = (u8 *) payload;
if (os_memcmp_const(conf, ptr, SHA256_MAC_LEN)) {
@ -836,6 +837,7 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
/* all done */
eap_pwd_h_final(hash, conf);
hash = NULL;
if (compute_keys(data->grp, data->k,
data->my_scalar, data->server_scalar, conf, ptr,
@ -860,6 +862,10 @@ fin:
} else {
eap_pwd_state(data, SUCCESS_ON_FRAG_COMPLETION);
}
/* clean allocated memory */
if (hash)
eap_pwd_h_final(hash, conf);
}