EAP-pwd: Fix memory leak on error path with fragmentation
If fragmentation is used, the temporary inbuf/outbuf could have been leaked in error cases (e.g., reaching maximum number of roundtrips). Signed-off-by: Jouni Malinen <j@w1.fi>
parent
4fc412ae76
commit
48f668eecf
@ -161,6 +161,8 @@ static void eap_pwd_deinit(struct eap_sm *sm, void *priv)
|
|||||||
BN_free(data->grp->prime);
|
BN_free(data->grp->prime);
|
||||||
os_free(data->grp);
|
os_free(data->grp);
|
||||||
}
|
}
|
||||||
|
wpabuf_free(data->inbuf);
|
||||||
|
wpabuf_free(data->outbuf);
|
||||||
os_free(data);
|
os_free(data);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -773,6 +775,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
|
|||||||
(int) data->in_frag_pos,
|
(int) data->in_frag_pos,
|
||||||
(int) wpabuf_len(data->inbuf));
|
(int) wpabuf_len(data->inbuf));
|
||||||
wpabuf_free(data->inbuf);
|
wpabuf_free(data->inbuf);
|
||||||
|
data->inbuf = NULL;
|
||||||
data->in_frag_pos = 0;
|
data->in_frag_pos = 0;
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@ -824,6 +827,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
|
|||||||
*/
|
*/
|
||||||
if (data->in_frag_pos) {
|
if (data->in_frag_pos) {
|
||||||
wpabuf_free(data->inbuf);
|
wpabuf_free(data->inbuf);
|
||||||
|
data->inbuf = NULL;
|
||||||
data->in_frag_pos = 0;
|
data->in_frag_pos = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
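Review bot: eap_pwd_deinit now calls `wpabuf_free(data->outbuf);`, but none of the three hunks in this file clears outbuf after an earlier free; only inbuf gets `data->inbuf = NULL;`, in the two eap_pwd_process hunks. If the existing fragmented-send path in eap_pwd_process releases outbuf after the last fragment without `data->outbuf = NULL;`, the new free in deinit would release the same buffer a second time. That code lies outside the hunks shown, so this is unverified and should be checked before merging. The other file in this commit adds exactly that reset in eap_pwd_build_req, which suggests the peer side needs the same audit.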
|
@ -150,6 +150,8 @@ static void eap_pwd_reset(struct eap_sm *sm, void *priv)
|
|||||||
BN_free(data->grp->prime);
|
BN_free(data->grp->prime);
|
||||||
os_free(data->grp);
|
os_free(data->grp);
|
||||||
}
|
}
|
||||||
|
wpabuf_free(data->inbuf);
|
||||||
|
wpabuf_free(data->outbuf);
|
||||||
os_free(data);
|
os_free(data);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -523,6 +525,7 @@ eap_pwd_build_req(struct eap_sm *sm, void *priv, u8 id)
|
|||||||
*/
|
*/
|
||||||
if (data->out_frag_pos >= wpabuf_len(data->outbuf)) {
|
if (data->out_frag_pos >= wpabuf_len(data->outbuf)) {
|
||||||
wpabuf_free(data->outbuf);
|
wpabuf_free(data->outbuf);
|
||||||
|
data->outbuf = NULL;
|
||||||
data->out_frag_pos = 0;
|
data->out_frag_pos = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -949,6 +952,7 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
|
|||||||
*/
|
*/
|
||||||
if (data->in_frag_pos) {
|
if (data->in_frag_pos) {
|
||||||
wpabuf_free(data->inbuf);
|
wpabuf_free(data->inbuf);
|
||||||
|
data->inbuf = NULL;
|
||||||
data->in_frag_pos = 0;
|
data->in_frag_pos = 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
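Review bot: The two frees added to eap_pwd_reset rely on an ownership rule that is not written down in any of these hunks: data->inbuf and data->outbuf must always be either NULL or a live buffer owned by data. I would add a comment above them, for example `/* fragment buffers: NULL unless a reassembly or fragmented send was still in progress */`. A matching one-line note at the `data->outbuf = NULL;` and `data->inbuf = NULL;` resets would record that the pointer must be cleared because reset frees it again. Without that, a later error path that calls wpabuf_free() and returns will look correct in isolation and become a double free at reset. The bodies of eap_pwd_build_req and eap_pwd_process continue outside the hunks, so other frees of these buffers may exist that are not visible here.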
|