diff --git a/hostapd/config_file.c b/hostapd/config_file.c index 953032d53..cb54c7740 100644 --- a/hostapd/config_file.c +++ b/hostapd/config_file.c @@ -307,13 +307,12 @@ static int hostapd_config_read_eap_user(const char *fname, goto failed; } - user->identity = os_malloc(pos - start); + user->identity = os_memdup(start, pos - start); if (user->identity == NULL) { wpa_printf(MSG_ERROR, "Failed to allocate " "memory for EAP identity"); goto failed; } - os_memcpy(user->identity, start, pos - start); user->identity_len = pos - start; if (pos[0] == '"' && pos[1] == '*') { @@ -431,13 +430,12 @@ static int hostapd_config_read_eap_user(const char *fname, goto failed; } - user->password = os_malloc(pos - start); + user->password = os_memdup(start, pos - start); if (user->password == NULL) { wpa_printf(MSG_ERROR, "Failed to allocate " "memory for EAP password"); goto failed; } - os_memcpy(user->password, start, pos - start); user->password_len = pos - start; pos++; @@ -782,10 +780,9 @@ static int hostapd_config_read_wep(struct hostapd_wep_keys *wep, int keyidx, if (len < 2 || val[len - 1] != '"') return -1; len -= 2; - wep->key[keyidx] = os_malloc(len); + wep->key[keyidx] = os_memdup(val + 1, len); if (wep->key[keyidx] == NULL) return -1; - os_memcpy(wep->key[keyidx], val + 1, len); wep->len[keyidx] = len; } else { if (len & 1) diff --git a/src/ap/authsrv.c b/src/ap/authsrv.c index cdb49cdd9..8a658244a 100644 --- a/src/ap/authsrv.c +++ b/src/ap/authsrv.c @@ -71,11 +71,10 @@ static int hostapd_radius_get_eap_user(void *ctx, const u8 *identity, } if (eap_user->password) { - user->password = os_malloc(eap_user->password_len); + user->password = os_memdup(eap_user->password, + eap_user->password_len); if (user->password == NULL) goto out; - os_memcpy(user->password, eap_user->password, - eap_user->password_len); user->password_len = eap_user->password_len; user->password_hash = eap_user->password_hash; } diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c index 21023dd8b..3c5a56c52 100644 --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c @@ -2953,60 +2953,52 @@ static int hostapd_build_beacon_data(struct hostapd_data *hapd, goto free_ap_params; ret = -1; - beacon->head = os_malloc(params.head_len); + beacon->head = os_memdup(params.head, params.head_len); if (!beacon->head) goto free_ap_extra_ies; - os_memcpy(beacon->head, params.head, params.head_len); beacon->head_len = params.head_len; - beacon->tail = os_malloc(params.tail_len); + beacon->tail = os_memdup(params.tail, params.tail_len); if (!beacon->tail) goto free_beacon; - os_memcpy(beacon->tail, params.tail, params.tail_len); beacon->tail_len = params.tail_len; if (params.proberesp != NULL) { - beacon->probe_resp = os_malloc(params.proberesp_len); + beacon->probe_resp = os_memdup(params.proberesp, + params.proberesp_len); if (!beacon->probe_resp) goto free_beacon; - os_memcpy(beacon->probe_resp, params.proberesp, - params.proberesp_len); beacon->probe_resp_len = params.proberesp_len; } /* copy the extra ies */ if (beacon_extra) { - beacon->beacon_ies = os_malloc(wpabuf_len(beacon_extra)); + beacon->beacon_ies = os_memdup(beacon_extra->buf, + wpabuf_len(beacon_extra)); if (!beacon->beacon_ies) goto free_beacon; - os_memcpy(beacon->beacon_ies, - beacon_extra->buf, wpabuf_len(beacon_extra)); beacon->beacon_ies_len = wpabuf_len(beacon_extra); } if (proberesp_extra) { - beacon->proberesp_ies = - os_malloc(wpabuf_len(proberesp_extra)); + beacon->proberesp_ies = os_memdup(proberesp_extra->buf, + wpabuf_len(proberesp_extra)); if (!beacon->proberesp_ies) goto free_beacon; - os_memcpy(beacon->proberesp_ies, proberesp_extra->buf, - wpabuf_len(proberesp_extra)); beacon->proberesp_ies_len = wpabuf_len(proberesp_extra); } if (assocresp_extra) { - beacon->assocresp_ies = - os_malloc(wpabuf_len(assocresp_extra)); + beacon->assocresp_ies = os_memdup(assocresp_extra->buf, + wpabuf_len(assocresp_extra)); if (!beacon->assocresp_ies) goto free_beacon; - os_memcpy(beacon->assocresp_ies, assocresp_extra->buf, - wpabuf_len(assocresp_extra)); beacon->assocresp_ies_len = wpabuf_len(assocresp_extra); } diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index 73699663d..dc8cedce7 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -2715,12 +2715,11 @@ static void handle_assoc(struct hostapd_data *hapd, /* The end of the payload is encrypted. Need to decrypt it * before parsing. */ - tmp = os_malloc(left); + tmp = os_memdup(pos, left); if (!tmp) { resp = WLAN_STATUS_UNSPECIFIED_FAILURE; goto fail; } - os_memcpy(tmp, pos, left); left = fils_decrypt_assoc(sta->wpa_sm, sta->fils_session, mgmt, len, tmp, left); @@ -3188,10 +3187,9 @@ static int handle_action(struct hostapd_data *hapd, */ wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action " "frame back to sender"); - resp = os_malloc(len); + resp = os_memdup(mgmt, len); if (resp == NULL) return 0; - os_memcpy(resp, mgmt, len); os_memcpy(resp->da, resp->sa, ETH_ALEN); os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN); os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN); diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c index 1e0358cec..3308398d1 100644 --- a/src/ap/ieee802_11_auth.c +++ b/src/ap/ieee802_11_auth.c @@ -327,14 +327,13 @@ int hostapd_allowed_address(struct hostapd_data *hapd, const u8 *addr, return HOSTAPD_ACL_REJECT; } - query->auth_msg = os_malloc(len); + query->auth_msg = os_memdup(msg, len); if (query->auth_msg == NULL) { wpa_printf(MSG_ERROR, "Failed to allocate memory for " "auth frame."); hostapd_acl_query_free(query); return HOSTAPD_ACL_REJECT; } - os_memcpy(query->auth_msg, msg, len); query->auth_msg_len = len; query->next = hapd->acl_queries; hapd->acl_queries = query; diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c index fccdc72ee..7591df6be 100644 --- a/src/ap/ieee802_1x.c +++ b/src/ap/ieee802_1x.c @@ -1420,11 +1420,10 @@ static void ieee802_1x_store_radius_class(struct hostapd_data *hapd, } } while (class_len < 1); - nclass[nclass_count].data = os_malloc(class_len); + nclass[nclass_count].data = os_memdup(attr_class, class_len); if (nclass[nclass_count].data == NULL) break; - os_memcpy(nclass[nclass_count].data, attr_class, class_len); nclass[nclass_count].len = class_len; nclass_count++; } @@ -2072,11 +2071,10 @@ static int ieee802_1x_get_eap_user(void *ctx, const u8 *identity, } if (eap_user->password) { - user->password = os_malloc(eap_user->password_len); + user->password = os_memdup(eap_user->password, + eap_user->password_len); if (user->password == NULL) goto out; - os_memcpy(user->password, eap_user->password, - eap_user->password_len); user->password_len = eap_user->password_len; user->password_hash = eap_user->password_hash; } diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index a3df81bda..df4db280d 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -1335,10 +1335,9 @@ continue_processing: #endif /* CONFIG_PEERKEY */ os_free(sm->last_rx_eapol_key); - sm->last_rx_eapol_key = os_malloc(data_len); + sm->last_rx_eapol_key = os_memdup(data, data_len); if (sm->last_rx_eapol_key == NULL) return; - os_memcpy(sm->last_rx_eapol_key, data, data_len); sm->last_rx_eapol_key_len = data_len; sm->rx_eapol_key_secure = !!(key_info & WPA_KEY_INFO_SECURE); diff --git a/src/crypto/aes-siv.c b/src/crypto/aes-siv.c index 2bb79b52e..b682f3ad5 100644 --- a/src/crypto/aes-siv.c +++ b/src/crypto/aes-siv.c @@ -95,11 +95,10 @@ static int aes_s2v(const u8 *key, size_t key_len, xor(tmp, tmp2); } if (len[i] >= AES_BLOCK_SIZE) { - buf = os_malloc(len[i]); + buf = os_memdup(addr[i], len[i]); if (!buf) return -ENOMEM; - os_memcpy(buf, addr[i], len[i]); xorend(buf, len[i], tmp, AES_BLOCK_SIZE); data[0] = buf; ret = omac1_aes_vector(key, key_len, 1, data, &len[i], mac); diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index 787613423..fc169e71e 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -4227,11 +4227,10 @@ static int tls_session_ticket_ext_cb(SSL *s, const unsigned char *data, wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket " "extension", data, len); - conn->session_ticket = os_malloc(len); + conn->session_ticket = os_memdup(data, len); if (conn->session_ticket == NULL) return 0; - os_memcpy(conn->session_ticket, data, len); conn->session_ticket_len = len; return 1; diff --git a/src/drivers/driver_hostap.c b/src/drivers/driver_hostap.c index 517a3bbb5..c657ce918 100644 --- a/src/drivers/driver_hostap.c +++ b/src/drivers/driver_hostap.c @@ -741,10 +741,9 @@ static int hostap_set_generic_elem(void *priv, drv->generic_ie = NULL; drv->generic_ie_len = 0; if (elem) { - drv->generic_ie = os_malloc(elem_len); + drv->generic_ie = os_memdup(elem, elem_len); if (drv->generic_ie == NULL) return -1; - os_memcpy(drv->generic_ie, elem, elem_len); drv->generic_ie_len = elem_len; } @@ -768,11 +767,10 @@ static int hostap_set_ap_wps_ie(void *priv, const struct wpabuf *beacon, drv->wps_ie = NULL; drv->wps_ie_len = 0; if (proberesp) { - drv->wps_ie = os_malloc(wpabuf_len(proberesp)); + drv->wps_ie = os_memdup(wpabuf_head(proberesp), + wpabuf_len(proberesp)); if (drv->wps_ie == NULL) return -1; - os_memcpy(drv->wps_ie, wpabuf_head(proberesp), - wpabuf_len(proberesp)); drv->wps_ie_len = wpabuf_len(proberesp); } diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c index d20b04cc9..4053c2109 100644 --- a/src/drivers/driver_nl80211_capa.c +++ b/src/drivers/driver_nl80211_capa.c @@ -546,23 +546,22 @@ static void wiphy_info_extended_capab(struct wpa_driver_nl80211_data *drv, nl80211_iftype_str(capa->iftype)); len = nla_len(tb1[NL80211_ATTR_EXT_CAPA]); - capa->ext_capa = os_malloc(len); + capa->ext_capa = os_memdup(nla_data(tb1[NL80211_ATTR_EXT_CAPA]), + len); if (!capa->ext_capa) goto err; - os_memcpy(capa->ext_capa, nla_data(tb1[NL80211_ATTR_EXT_CAPA]), - len); capa->ext_capa_len = len; wpa_hexdump(MSG_DEBUG, "nl80211: Extended capabilities", capa->ext_capa, capa->ext_capa_len); len = nla_len(tb1[NL80211_ATTR_EXT_CAPA_MASK]); - capa->ext_capa_mask = os_malloc(len); + capa->ext_capa_mask = + os_memdup(nla_data(tb1[NL80211_ATTR_EXT_CAPA_MASK]), + len); if (!capa->ext_capa_mask) goto err; - os_memcpy(capa->ext_capa_mask, - nla_data(tb1[NL80211_ATTR_EXT_CAPA_MASK]), len); wpa_hexdump(MSG_DEBUG, "nl80211: Extended capabilities mask", capa->ext_capa_mask, capa->ext_capa_len); @@ -1525,14 +1524,13 @@ wpa_driver_nl80211_postprocess_modes(struct hostapd_hw_modes *modes, mode11g = &modes[mode11g_idx]; mode->num_channels = mode11g->num_channels; - mode->channels = os_malloc(mode11g->num_channels * + mode->channels = os_memdup(mode11g->channels, + mode11g->num_channels * sizeof(struct hostapd_channel_data)); if (mode->channels == NULL) { (*num_modes)--; return modes; /* Could not add 802.11b mode */ } - os_memcpy(mode->channels, mode11g->channels, - mode11g->num_channels * sizeof(struct hostapd_channel_data)); mode->num_rates = 0; mode->rates = os_malloc(4 * sizeof(int)); diff --git a/src/drivers/driver_privsep.c b/src/drivers/driver_privsep.c index 655128a96..f8fa66ddb 100644 --- a/src/drivers/driver_privsep.c +++ b/src/drivers/driver_privsep.c @@ -184,10 +184,9 @@ wpa_driver_privsep_get_scan_results2(void *priv) if (len < 0 || len > 10000 || len > end - pos) break; - r = os_malloc(len); + r = os_memdup(pos, len); if (r == NULL) break; - os_memcpy(r, pos, len); pos += len; if (sizeof(*r) + r->ie_len + r->beacon_ie_len > (size_t) len) { wpa_printf(MSG_ERROR, diff --git a/src/drivers/driver_wext.c b/src/drivers/driver_wext.c index 458d45811..47b90ebe5 100644 --- a/src/drivers/driver_wext.c +++ b/src/drivers/driver_wext.c @@ -362,12 +362,11 @@ static int wpa_driver_wext_event_wireless_assocreqie( wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev, len); os_free(drv->assoc_req_ies); - drv->assoc_req_ies = os_malloc(len); + drv->assoc_req_ies = os_memdup(ev, len); if (drv->assoc_req_ies == NULL) { drv->assoc_req_ies_len = 0; return -1; } - os_memcpy(drv->assoc_req_ies, ev, len); drv->assoc_req_ies_len = len; return 0; @@ -383,12 +382,11 @@ static int wpa_driver_wext_event_wireless_assocrespie( wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev, len); os_free(drv->assoc_resp_ies); - drv->assoc_resp_ies = os_malloc(len); + drv->assoc_resp_ies = os_memdup(ev, len); if (drv->assoc_resp_ies == NULL) { drv->assoc_resp_ies_len = 0; return -1; } - os_memcpy(drv->assoc_resp_ies, ev, len); drv->assoc_resp_ies_len = len; return 0; diff --git a/src/eap_common/eap_sim_common.c b/src/eap_common/eap_sim_common.c index 2adc3b376..6290c35f1 100644 --- a/src/eap_common/eap_sim_common.c +++ b/src/eap_common/eap_sim_common.c @@ -175,7 +175,7 @@ int eap_sim_verify_mac(const u8 *k_aut, const struct wpabuf *req, mac > wpabuf_head_u8(req) + wpabuf_len(req) - EAP_SIM_MAC_LEN) return -1; - tmp = os_malloc(wpabuf_len(req)); + tmp = os_memdup(wpabuf_head(req), wpabuf_len(req)); if (tmp == NULL) return -1; @@ -185,7 +185,6 @@ int eap_sim_verify_mac(const u8 *k_aut, const struct wpabuf *req, len[1] = extra_len; /* HMAC-SHA1-128 */ - os_memcpy(tmp, wpabuf_head(req), wpabuf_len(req)); os_memset(tmp + (mac - wpabuf_head_u8(req)), 0, EAP_SIM_MAC_LEN); wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Verify MAC - msg", tmp, wpabuf_len(req)); @@ -370,7 +369,7 @@ int eap_sim_verify_mac_sha256(const u8 *k_aut, const struct wpabuf *req, mac > wpabuf_head_u8(req) + wpabuf_len(req) - EAP_SIM_MAC_LEN) return -1; - tmp = os_malloc(wpabuf_len(req)); + tmp = os_memdup(wpabuf_head(req), wpabuf_len(req)); if (tmp == NULL) return -1; @@ -380,7 +379,6 @@ int eap_sim_verify_mac_sha256(const u8 *k_aut, const struct wpabuf *req, len[1] = extra_len; /* HMAC-SHA-256-128 */ - os_memcpy(tmp, wpabuf_head(req), wpabuf_len(req)); os_memset(tmp + (mac - wpabuf_head_u8(req)), 0, EAP_SIM_MAC_LEN); wpa_hexdump(MSG_MSGDUMP, "EAP-AKA': Verify MAC - msg", tmp, wpabuf_len(req)); @@ -943,10 +941,9 @@ u8 * eap_sim_parse_encr(const u8 *k_encr, const u8 *encr_data, return NULL; } - decrypted = os_malloc(encr_data_len); + decrypted = os_memdup(encr_data, encr_data_len); if (decrypted == NULL) return NULL; - os_memcpy(decrypted, encr_data, encr_data_len); if (aes_128_cbc_decrypt(k_encr, iv, decrypted, encr_data_len)) { os_free(decrypted); diff --git a/src/eap_peer/eap_aka.c b/src/eap_peer/eap_aka.c index 41888179e..8553667c5 100644 --- a/src/eap_peer/eap_aka.c +++ b/src/eap_peer/eap_aka.c @@ -415,15 +415,14 @@ static int eap_aka_learn_ids(struct eap_sm *sm, struct eap_aka_data *data, if (attr->next_reauth_id) { os_free(data->reauth_id); - data->reauth_id = os_malloc(attr->next_reauth_id_len); + data->reauth_id = os_memdup(attr->next_reauth_id, + attr->next_reauth_id_len); if (data->reauth_id == NULL) { wpa_printf(MSG_INFO, "EAP-AKA: (encr) No memory for " "next reauth_id"); data->reauth_id_len = 0; return -1; } - os_memcpy(data->reauth_id, attr->next_reauth_id, - attr->next_reauth_id_len); data->reauth_id_len = attr->next_reauth_id_len; wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: (encr) AT_NEXT_REAUTH_ID", @@ -913,14 +912,13 @@ static struct wpabuf * eap_aka_process_challenge(struct eap_sm *sm, return eap_aka_authentication_reject(data, id); } os_free(data->network_name); - data->network_name = os_malloc(attr->kdf_input_len); + data->network_name = os_memdup(attr->kdf_input, + attr->kdf_input_len); if (data->network_name == NULL) { wpa_printf(MSG_WARNING, "EAP-AKA': No memory for " "storing Network Name"); return eap_aka_authentication_reject(data, id); } - os_memcpy(data->network_name, attr->kdf_input, - attr->kdf_input_len); data->network_name_len = attr->kdf_input_len; wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA': Network Name " "(AT_KDF_INPUT)", @@ -1442,12 +1440,11 @@ static u8 * eap_aka_getKey(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_SIM_KEYING_DATA_LEN); + key = os_memdup(data->msk, EAP_SIM_KEYING_DATA_LEN); if (key == NULL) return NULL; *len = EAP_SIM_KEYING_DATA_LEN; - os_memcpy(key, data->msk, EAP_SIM_KEYING_DATA_LEN); return key; } @@ -1483,12 +1480,11 @@ static u8 * eap_aka_get_emsk(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_EMSK_LEN); + key = os_memdup(data->emsk, EAP_EMSK_LEN); if (key == NULL) return NULL; *len = EAP_EMSK_LEN; - os_memcpy(key, data->emsk, EAP_EMSK_LEN); return key; } diff --git a/src/eap_peer/eap_eke.c b/src/eap_peer/eap_eke.c index f899f653f..0de7d6cbf 100644 --- a/src/eap_peer/eap_eke.c +++ b/src/eap_peer/eap_eke.c @@ -85,12 +85,11 @@ static void * eap_eke_init(struct eap_sm *sm) identity = eap_get_config_identity(sm, &identity_len); if (identity) { - data->peerid = os_malloc(identity_len); + data->peerid = os_memdup(identity, identity_len); if (data->peerid == NULL) { eap_eke_deinit(sm, data); return NULL; } - os_memcpy(data->peerid, identity, identity_len); data->peerid_len = identity_len; } @@ -310,12 +309,11 @@ static struct wpabuf * eap_eke_process_id(struct eap_eke_data *data, wpa_hexdump_ascii(MSG_DEBUG, "EAP-EKE: Server Identity", pos, end - pos); os_free(data->serverid); - data->serverid = os_malloc(end - pos); + data->serverid = os_memdup(pos, end - pos); if (data->serverid == NULL) { return eap_eke_build_fail(data, ret, id, EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR); } - os_memcpy(data->serverid, pos, end - pos); data->serverid_len = end - pos; wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-ID/Response"); @@ -717,10 +715,9 @@ static u8 * eap_eke_getKey(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_MSK_LEN); + key = os_memdup(data->msk, EAP_MSK_LEN); if (key == NULL) return NULL; - os_memcpy(key, data->msk, EAP_MSK_LEN); *len = EAP_MSK_LEN; return key; @@ -735,10 +732,9 @@ static u8 * eap_eke_get_emsk(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_EMSK_LEN); + key = os_memdup(data->emsk, EAP_EMSK_LEN); if (key == NULL) return NULL; - os_memcpy(key, data->emsk, EAP_EMSK_LEN); *len = EAP_EMSK_LEN; return key; diff --git a/src/eap_peer/eap_fast.c b/src/eap_peer/eap_fast.c index e4b0c1041..74cec7dd5 100644 --- a/src/eap_peer/eap_fast.c +++ b/src/eap_peer/eap_fast.c @@ -1749,12 +1749,11 @@ static u8 * eap_fast_getKey(struct eap_sm *sm, void *priv, size_t *len) if (!data->success) return NULL; - key = os_malloc(EAP_FAST_KEY_LEN); + key = os_memdup(data->key_data, EAP_FAST_KEY_LEN); if (key == NULL) return NULL; *len = EAP_FAST_KEY_LEN; - os_memcpy(key, data->key_data, EAP_FAST_KEY_LEN); return key; } @@ -1768,12 +1767,11 @@ static u8 * eap_fast_get_session_id(struct eap_sm *sm, void *priv, size_t *len) if (!data->success || !data->session_id) return NULL; - id = os_malloc(data->id_len); + id = os_memdup(data->session_id, data->id_len); if (id == NULL) return NULL; *len = data->id_len; - os_memcpy(id, data->session_id, data->id_len); return id; } @@ -1787,12 +1785,11 @@ static u8 * eap_fast_get_emsk(struct eap_sm *sm, void *priv, size_t *len) if (!data->success) return NULL; - key = os_malloc(EAP_EMSK_LEN); + key = os_memdup(data->emsk, EAP_EMSK_LEN); if (key == NULL) return NULL; *len = EAP_EMSK_LEN; - os_memcpy(key, data->emsk, EAP_EMSK_LEN); return key; } diff --git a/src/eap_peer/eap_fast_pac.c b/src/eap_peer/eap_fast_pac.c index c81586035..7d674c8c0 100644 --- a/src/eap_peer/eap_fast_pac.c +++ b/src/eap_peer/eap_fast_pac.c @@ -114,10 +114,9 @@ static int eap_fast_copy_buf(u8 **dst, size_t *dst_len, const u8 *src, size_t src_len) { if (src) { - *dst = os_malloc(src_len); + *dst = os_memdup(src, src_len); if (*dst == NULL) return -1; - os_memcpy(*dst, src, src_len); *dst_len = src_len; } return 0; @@ -720,19 +719,17 @@ static void eap_fast_pac_get_a_id(struct eap_fast_pac *pac) if (type == PAC_TYPE_A_ID) { os_free(pac->a_id); - pac->a_id = os_malloc(len); + pac->a_id = os_memdup(pos, len); if (pac->a_id == NULL) break; - os_memcpy(pac->a_id, pos, len); pac->a_id_len = len; } if (type == PAC_TYPE_A_ID_INFO) { os_free(pac->a_id_info); - pac->a_id_info = os_malloc(len); + pac->a_id_info = os_memdup(pos, len); if (pac->a_id_info == NULL) break; - os_memcpy(pac->a_id_info, pos, len); pac->a_id_info_len = len; } @@ -820,10 +817,9 @@ int eap_fast_load_pac_bin(struct eap_sm *sm, struct eap_fast_pac **pac_root, if (val > end - pos) goto parse_fail; pac->pac_opaque_len = val; - pac->pac_opaque = os_malloc(pac->pac_opaque_len); + pac->pac_opaque = os_memdup(pos, pac->pac_opaque_len); if (pac->pac_opaque == NULL) goto parse_fail; - os_memcpy(pac->pac_opaque, pos, pac->pac_opaque_len); pos += pac->pac_opaque_len; if (2 > end - pos) goto parse_fail; @@ -832,10 +828,9 @@ int eap_fast_load_pac_bin(struct eap_sm *sm, struct eap_fast_pac **pac_root, if (val > end - pos) goto parse_fail; pac->pac_info_len = val; - pac->pac_info = os_malloc(pac->pac_info_len); + pac->pac_info = os_memdup(pos, pac->pac_info_len); if (pac->pac_info == NULL) goto parse_fail; - os_memcpy(pac->pac_info, pos, pac->pac_info_len); pos += pac->pac_info_len; eap_fast_pac_get_a_id(pac); diff --git a/src/eap_peer/eap_gpsk.c b/src/eap_peer/eap_gpsk.c index 177cbccf5..f9c4d3773 100644 --- a/src/eap_peer/eap_gpsk.c +++ b/src/eap_peer/eap_gpsk.c @@ -96,12 +96,11 @@ static void * eap_gpsk_init(struct eap_sm *sm) identity = eap_get_config_identity(sm, &identity_len); if (identity) { - data->id_peer = os_malloc(identity_len); + data->id_peer = os_memdup(identity, identity_len); if (data->id_peer == NULL) { eap_gpsk_deinit(sm, data); return NULL; } - os_memcpy(data->id_peer, identity, identity_len); data->id_peer_len = identity_len; } @@ -117,12 +116,11 @@ static void * eap_gpsk_init(struct eap_sm *sm) } } - data->psk = os_malloc(password_len); + data->psk = os_memdup(password, password_len); if (data->psk == NULL) { eap_gpsk_deinit(sm, data); return NULL; } - os_memcpy(data->psk, password, password_len); data->psk_len = password_len; return data; @@ -158,12 +156,11 @@ static const u8 * eap_gpsk_process_id_server(struct eap_gpsk_data *data, return NULL; } os_free(data->id_server); - data->id_server = os_malloc(alen); + data->id_server = os_memdup(pos, alen); if (data->id_server == NULL) { wpa_printf(MSG_DEBUG, "EAP-GPSK: No memory for ID_Server"); return NULL; } - os_memcpy(data->id_server, pos, alen); data->id_server_len = alen; wpa_hexdump_ascii(MSG_DEBUG, "EAP-GPSK: ID_Server", data->id_server, data->id_server_len); @@ -722,10 +719,9 @@ static u8 * eap_gpsk_getKey(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_MSK_LEN); + key = os_memdup(data->msk, EAP_MSK_LEN); if (key == NULL) return NULL; - os_memcpy(key, data->msk, EAP_MSK_LEN); *len = EAP_MSK_LEN; return key; @@ -740,10 +736,9 @@ static u8 * eap_gpsk_get_emsk(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_EMSK_LEN); + key = os_memdup(data->emsk, EAP_EMSK_LEN); if (key == NULL) return NULL; - os_memcpy(key, data->emsk, EAP_EMSK_LEN); *len = EAP_EMSK_LEN; return key; @@ -758,10 +753,9 @@ static u8 * eap_gpsk_get_session_id(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - sid = os_malloc(data->id_len); + sid = os_memdup(data->session_id, data->id_len); if (sid == NULL) return NULL; - os_memcpy(sid, data->session_id, data->id_len); *len = data->id_len; return sid; diff --git a/src/eap_peer/eap_ikev2.c b/src/eap_peer/eap_ikev2.c index 390f0ec8c..6ddf50835 100644 --- a/src/eap_peer/eap_ikev2.c +++ b/src/eap_peer/eap_ikev2.c @@ -83,18 +83,16 @@ static void * eap_ikev2_init(struct eap_sm *sm) if (data->ikev2.key_pad == NULL) goto failed; data->ikev2.key_pad_len = 21; - data->ikev2.IDr = os_malloc(identity_len); + data->ikev2.IDr = os_memdup(identity, identity_len); if (data->ikev2.IDr == NULL) goto failed; - os_memcpy(data->ikev2.IDr, identity, identity_len); data->ikev2.IDr_len = identity_len; password = eap_get_config_password(sm, &password_len); if (password) { - data->ikev2.shared_secret = os_malloc(password_len); + data->ikev2.shared_secret = os_memdup(password, password_len); if (data->ikev2.shared_secret == NULL) goto failed; - os_memcpy(data->ikev2.shared_secret, password, password_len); data->ikev2.shared_secret_len = password_len; } diff --git a/src/eap_peer/eap_mschapv2.c b/src/eap_peer/eap_mschapv2.c index d346dccab..877495cf3 100644 --- a/src/eap_peer/eap_mschapv2.c +++ b/src/eap_peer/eap_mschapv2.c @@ -109,23 +109,21 @@ static void * eap_mschapv2_init(struct eap_sm *sm) return NULL; if (sm->peer_challenge) { - data->peer_challenge = os_malloc(MSCHAPV2_CHAL_LEN); + data->peer_challenge = os_memdup(sm->peer_challenge, + MSCHAPV2_CHAL_LEN); if (data->peer_challenge == NULL) { eap_mschapv2_deinit(sm, data); return NULL; } - os_memcpy(data->peer_challenge, sm->peer_challenge, - MSCHAPV2_CHAL_LEN); } if (sm->auth_challenge) { - data->auth_challenge = os_malloc(MSCHAPV2_CHAL_LEN); + data->auth_challenge = os_memdup(sm->auth_challenge, + MSCHAPV2_CHAL_LEN); if (data->auth_challenge == NULL) { eap_mschapv2_deinit(sm, data); return NULL; } - os_memcpy(data->auth_challenge, sm->auth_challenge, - MSCHAPV2_CHAL_LEN); } data->phase2 = sm->init_phase2; diff --git a/src/eap_peer/eap_pax.c b/src/eap_peer/eap_pax.c index a7012d287..3cef1c880 100644 --- a/src/eap_peer/eap_pax.c +++ b/src/eap_peer/eap_pax.c @@ -69,12 +69,11 @@ static void * eap_pax_init(struct eap_sm *sm) return NULL; data->state = PAX_INIT; - data->cid = os_malloc(identity_len); + data->cid = os_memdup(identity, identity_len); if (data->cid == NULL) { eap_pax_deinit(sm, data); return NULL; } - os_memcpy(data->cid, identity, identity_len); data->cid_len = identity_len; os_memcpy(data->ak, password, EAP_PAX_AK_LEN); diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c index 2ff607625..34075b1d9 100644 --- a/src/eap_peer/eap_peap.c +++ b/src/eap_peer/eap_peap.c @@ -1272,12 +1272,11 @@ static u8 * eap_peap_get_session_id(struct eap_sm *sm, void *priv, size_t *len) if (data->session_id == NULL || !data->phase2_success) return NULL; - id = os_malloc(data->id_len); + id = os_memdup(data->session_id, data->id_len); if (id == NULL) return NULL; *len = data->id_len; - os_memcpy(id, data->session_id, data->id_len); return id; } diff --git a/src/eap_peer/eap_psk.c b/src/eap_peer/eap_psk.c index ac18c158a..eea9430d2 100644 --- a/src/eap_peer/eap_psk.c +++ b/src/eap_peer/eap_psk.c @@ -116,14 +116,13 @@ static struct wpabuf * eap_psk_process_1(struct eap_psk_data *data, os_memcpy(data->rand_s, hdr1->rand_s, EAP_PSK_RAND_LEN); os_free(data->id_s); data->id_s_len = len - sizeof(*hdr1); - data->id_s = os_malloc(data->id_s_len); + data->id_s = os_memdup(hdr1 + 1, data->id_s_len); if (data->id_s == NULL) { wpa_printf(MSG_ERROR, "EAP-PSK: Failed to allocate memory for " "ID_S (len=%lu)", (unsigned long) data->id_s_len); ret->ignore = TRUE; return NULL; } - os_memcpy(data->id_s, (u8 *) (hdr1 + 1), data->id_s_len); wpa_hexdump_ascii(MSG_DEBUG, "EAP-PSK: ID_S", data->id_s, data->id_s_len); @@ -273,13 +272,12 @@ static struct wpabuf * eap_psk_process_3(struct eap_psk_data *data, wpabuf_head(reqData), 5); wpa_hexdump(MSG_MSGDUMP, "EAP-PSK: PCHANNEL - cipher msg", msg, left); - decrypted = os_malloc(left); + decrypted = os_memdup(msg, left); if (decrypted == NULL) { ret->methodState = METHOD_DONE; ret->decision = DECISION_FAIL; return NULL; } - os_memcpy(decrypted, msg, left); if (aes_128_eax_decrypt(data->tek, nonce, sizeof(nonce), wpabuf_head(reqData), @@ -425,12 +423,11 @@ static u8 * eap_psk_getKey(struct eap_sm *sm, void *priv, size_t *len) if (data->state != PSK_DONE) return NULL; - key = os_malloc(EAP_MSK_LEN); + key = os_memdup(data->msk, EAP_MSK_LEN); if (key == NULL) return NULL; *len = EAP_MSK_LEN; - os_memcpy(key, data->msk, EAP_MSK_LEN); return key; } @@ -466,12 +463,11 @@ static u8 * eap_psk_get_emsk(struct eap_sm *sm, void *priv, size_t *len) if (data->state != PSK_DONE) return NULL; - key = os_malloc(EAP_EMSK_LEN); + key = os_memdup(data->emsk, EAP_EMSK_LEN); if (key == NULL) return NULL; *len = EAP_EMSK_LEN; - os_memcpy(key, data->emsk, EAP_EMSK_LEN); return key; } diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c index 662347b29..ec277ac91 100644 --- a/src/eap_peer/eap_pwd.c +++ b/src/eap_peer/eap_pwd.c @@ -183,11 +183,10 @@ static u8 * eap_pwd_getkey(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_MSK_LEN); + key = os_memdup(data->msk, EAP_MSK_LEN); if (key == NULL) return NULL; - os_memcpy(key, data->msk, EAP_MSK_LEN); *len = EAP_MSK_LEN; return key; @@ -202,11 +201,10 @@ static u8 * eap_pwd_get_session_id(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - id = os_malloc(1 + SHA256_MAC_LEN); + id = os_memdup(data->session_id, 1 + SHA256_MAC_LEN); if (id == NULL) return NULL; - os_memcpy(id, data->session_id, 1 + SHA256_MAC_LEN); *len = 1 + SHA256_MAC_LEN; return id; diff --git a/src/eap_peer/eap_sake.c b/src/eap_peer/eap_sake.c index 330febbef..0a6ce255a 100644 --- a/src/eap_peer/eap_sake.c +++ b/src/eap_peer/eap_sake.c @@ -85,12 +85,11 @@ static void * eap_sake_init(struct eap_sm *sm) identity = eap_get_config_identity(sm, &identity_len); if (identity) { - data->peerid = os_malloc(identity_len); + data->peerid = os_memdup(identity, identity_len); if (data->peerid == NULL) { eap_sake_deinit(sm, data); return NULL; } - os_memcpy(data->peerid, identity, identity_len); data->peerid_len = identity_len; } @@ -230,10 +229,9 @@ static struct wpabuf * eap_sake_process_challenge(struct eap_sm *sm, if (attr.serverid) { wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-SAKE: SERVERID", attr.serverid, attr.serverid_len); - data->serverid = os_malloc(attr.serverid_len); + data->serverid = os_memdup(attr.serverid, attr.serverid_len); if (data->serverid == NULL) return NULL; - os_memcpy(data->serverid, attr.serverid, attr.serverid_len); data->serverid_len = attr.serverid_len; } @@ -450,10 +448,9 @@ static u8 * eap_sake_getKey(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_MSK_LEN); + key = os_memdup(data->msk, EAP_MSK_LEN); if (key == NULL) return NULL; - os_memcpy(key, data->msk, EAP_MSK_LEN); *len = EAP_MSK_LEN; return key; @@ -490,10 +487,9 @@ static u8 * eap_sake_get_emsk(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_EMSK_LEN); + key = os_memdup(data->emsk, EAP_EMSK_LEN); if (key == NULL) return NULL; - os_memcpy(key, data->emsk, EAP_EMSK_LEN); *len = EAP_EMSK_LEN; return key; diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c index 95ecdf73f..25f592cde 100644 --- a/src/eap_peer/eap_sim.c +++ b/src/eap_peer/eap_sim.c @@ -437,15 +437,14 @@ static int eap_sim_learn_ids(struct eap_sm *sm, struct eap_sim_data *data, if (attr->next_reauth_id) { os_free(data->reauth_id); - data->reauth_id = os_malloc(attr->next_reauth_id_len); + data->reauth_id = os_memdup(attr->next_reauth_id, + attr->next_reauth_id_len); if (data->reauth_id == NULL) { wpa_printf(MSG_INFO, "EAP-SIM: (encr) No memory for " "next reauth_id"); data->reauth_id_len = 0; return -1; } - os_memcpy(data->reauth_id, attr->next_reauth_id, - attr->next_reauth_id_len); data->reauth_id_len = attr->next_reauth_id_len; wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM: (encr) AT_NEXT_REAUTH_ID", @@ -640,14 +639,13 @@ static struct wpabuf * eap_sim_process_start(struct eap_sm *sm, } os_free(data->ver_list); - data->ver_list = os_malloc(attr->version_list_len); + data->ver_list = os_memdup(attr->version_list, attr->version_list_len); if (data->ver_list == NULL) { wpa_printf(MSG_DEBUG, "EAP-SIM: Failed to allocate " "memory for version list"); return eap_sim_client_error(data, id, EAP_SIM_UNABLE_TO_PROCESS_PACKET); } - os_memcpy(data->ver_list, attr->version_list, attr->version_list_len); data->ver_list_len = attr->version_list_len; pos = data->ver_list; for (i = 0; i < data->ver_list_len / 2; i++) { @@ -1186,12 +1184,11 @@ static u8 * eap_sim_getKey(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_SIM_KEYING_DATA_LEN); + key = os_memdup(data->msk, EAP_SIM_KEYING_DATA_LEN); if (key == NULL) return NULL; *len = EAP_SIM_KEYING_DATA_LEN; - os_memcpy(key, data->msk, EAP_SIM_KEYING_DATA_LEN); return key; } @@ -1228,12 +1225,11 @@ static u8 * eap_sim_get_emsk(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_EMSK_LEN); + key = os_memdup(data->emsk, EAP_EMSK_LEN); if (key == NULL) return NULL; *len = EAP_EMSK_LEN; - os_memcpy(key, data->emsk, EAP_EMSK_LEN); return key; } diff --git a/src/eap_peer/eap_tls.c b/src/eap_peer/eap_tls.c index ca2354f8a..c1820a4ca 100644 --- a/src/eap_peer/eap_tls.c +++ b/src/eap_peer/eap_tls.c @@ -338,12 +338,11 @@ static u8 * eap_tls_getKey(struct eap_sm *sm, void *priv, size_t *len) if (data->key_data == NULL) return NULL; - key = os_malloc(EAP_TLS_KEY_LEN); + key = os_memdup(data->key_data, EAP_TLS_KEY_LEN); if (key == NULL) return NULL; *len = EAP_TLS_KEY_LEN; - os_memcpy(key, data->key_data, EAP_TLS_KEY_LEN); return key; } @@ -357,12 +356,11 @@ static u8 * eap_tls_get_emsk(struct eap_sm *sm, void *priv, size_t *len) if (data->key_data == NULL) return NULL; - key = os_malloc(EAP_EMSK_LEN); + key = os_memdup(data->key_data + EAP_TLS_KEY_LEN, EAP_EMSK_LEN); if (key == NULL) return NULL; *len = EAP_EMSK_LEN; - os_memcpy(key, data->key_data + EAP_TLS_KEY_LEN, EAP_EMSK_LEN); return key; } @@ -376,12 +374,11 @@ static u8 * eap_tls_get_session_id(struct eap_sm *sm, void *priv, size_t *len) if (data->session_id == NULL) return NULL; - id = os_malloc(data->id_len); + id = os_memdup(data->session_id, data->id_len); if (id == NULL) return NULL; *len = data->id_len; - os_memcpy(id, data->session_id, data->id_len); return id; } diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c index 6714b903e..01112b5df 100644 --- a/src/eap_peer/eap_ttls.c +++ b/src/eap_peer/eap_ttls.c @@ -874,13 +874,12 @@ static int eap_ttls_parse_attr_eap(const u8 *dpos, size_t dlen, { wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP - EAP Message"); if (parse->eapdata == NULL) { - parse->eapdata = os_malloc(dlen); + parse->eapdata = os_memdup(dpos, dlen); if (parse->eapdata == NULL) { wpa_printf(MSG_WARNING, "EAP-TTLS: Failed to allocate " "memory for Phase 2 EAP data"); return -1; } - os_memcpy(parse->eapdata, dpos, dlen); parse->eap_len = dlen; } else { u8 *neweap = os_realloc(parse->eapdata, parse->eap_len + dlen); @@ -1749,12 +1748,11 @@ static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len) if (data->key_data == NULL || !data->phase2_success) return NULL; - key = os_malloc(EAP_TLS_KEY_LEN); + key = os_memdup(data->key_data, EAP_TLS_KEY_LEN); if (key == NULL) return NULL; *len = EAP_TLS_KEY_LEN; - os_memcpy(key, data->key_data, EAP_TLS_KEY_LEN); return key; } @@ -1768,12 +1766,11 @@ static u8 * eap_ttls_get_session_id(struct eap_sm *sm, void *priv, size_t *len) if (data->session_id == NULL || !data->phase2_success) return NULL; - id = os_malloc(data->id_len); + id = os_memdup(data->session_id, data->id_len); if (id == NULL) return NULL; *len = data->id_len; - os_memcpy(id, data->session_id, data->id_len); return id; } @@ -1787,12 +1784,11 @@ static u8 * eap_ttls_get_emsk(struct eap_sm *sm, void *priv, size_t *len) if (data->key_data == NULL) return NULL; - key = os_malloc(EAP_EMSK_LEN); + key = os_memdup(data->key_data + EAP_TLS_KEY_LEN, EAP_EMSK_LEN); if (key == NULL) return NULL; *len = EAP_EMSK_LEN; - os_memcpy(key, data->key_data + EAP_TLS_KEY_LEN, EAP_EMSK_LEN); return key; } diff --git a/src/eap_peer/ikev2.c b/src/eap_peer/ikev2.c index ca6502ea0..7bd97b1b9 100644 --- a/src/eap_peer/ikev2.c +++ b/src/eap_peer/ikev2.c @@ -476,10 +476,9 @@ static int ikev2_process_idi(struct ikev2_responder_data *data, wpa_printf(MSG_DEBUG, "IKEV2: IDi ID Type %d", id_type); wpa_hexdump_ascii(MSG_DEBUG, "IKEV2: IDi", idi, idi_len); os_free(data->IDi); - data->IDi = os_malloc(idi_len); + data->IDi = os_memdup(idi, idi_len); if (data->IDi == NULL) return -1; - os_memcpy(data->IDi, idi, idi_len); data->IDi_len = idi_len; data->IDi_type = id_type; diff --git a/src/eap_peer/tncc.c b/src/eap_peer/tncc.c index 0c5caa7dd..a9bafe288 100644 --- a/src/eap_peer/tncc.c +++ b/src/eap_peer/tncc.c @@ -126,12 +126,10 @@ static TNC_Result TNC_TNCC_ReportMessageTypes( imc = tnc_imc[imcID]; os_free(imc->supported_types); - imc->supported_types = - os_malloc(typeCount * sizeof(TNC_MessageType)); + imc->supported_types = os_memdup(supportedTypes, + typeCount * sizeof(TNC_MessageType)); if (imc->supported_types == NULL) return TNC_RESULT_FATAL; - os_memcpy(imc->supported_types, supportedTypes, - typeCount * sizeof(TNC_MessageType)); imc->num_supported_types = typeCount; return TNC_RESULT_SUCCESS; diff --git a/src/eap_server/eap_server_aka.c b/src/eap_server/eap_server_aka.c index a8bb5eae6..175021163 100644 --- a/src/eap_server/eap_server_aka.c +++ b/src/eap_server/eap_server_aka.c @@ -1261,10 +1261,9 @@ static u8 * eap_aka_getKey(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_SIM_KEYING_DATA_LEN); + key = os_memdup(data->msk, EAP_SIM_KEYING_DATA_LEN); if (key == NULL) return NULL; - os_memcpy(key, data->msk, EAP_SIM_KEYING_DATA_LEN); *len = EAP_SIM_KEYING_DATA_LEN; return key; } @@ -1278,10 +1277,9 @@ static u8 * eap_aka_get_emsk(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_EMSK_LEN); + key = os_memdup(data->emsk, EAP_EMSK_LEN); if (key == NULL) return NULL; - os_memcpy(key, data->emsk, EAP_EMSK_LEN); *len = EAP_EMSK_LEN; return key; } diff --git a/src/eap_server/eap_server_eke.c b/src/eap_server/eap_server_eke.c index 1eba8f515..71580bf7b 100644 --- a/src/eap_server/eap_server_eke.c +++ b/src/eap_server/eap_server_eke.c @@ -467,13 +467,12 @@ static void eap_eke_process_identity(struct eap_sm *sm, data->peerid_type = *pos++; os_free(data->peerid); - data->peerid = os_malloc(end - pos); + data->peerid = os_memdup(pos, end - pos); if (data->peerid == NULL) { wpa_printf(MSG_INFO, "EAP-EKE: Failed to allocate memory for peerid"); eap_eke_fail(data, EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR); return; } - os_memcpy(data->peerid, pos, end - pos); data->peerid_len = end - pos; wpa_printf(MSG_DEBUG, "EAP-EKE: Peer IDType %u", data->peerid_type); wpa_hexdump_ascii(MSG_DEBUG, "EAP-EKE: Peer Identity", @@ -731,10 +730,9 @@ static u8 * eap_eke_getKey(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_MSK_LEN); + key = os_memdup(data->msk, EAP_MSK_LEN); if (key == NULL) return NULL; - os_memcpy(key, data->msk, EAP_MSK_LEN); *len = EAP_MSK_LEN; return key; @@ -749,10 +747,9 @@ static u8 * eap_eke_get_emsk(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_EMSK_LEN); + key = os_memdup(data->emsk, EAP_EMSK_LEN); if (key == NULL) return NULL; - os_memcpy(key, data->emsk, EAP_EMSK_LEN); *len = EAP_EMSK_LEN; return key; diff --git a/src/eap_server/eap_server_fast.c b/src/eap_server/eap_server_fast.c index f6d7e3224..fa0342f04 100644 --- a/src/eap_server/eap_server_fast.c +++ b/src/eap_server/eap_server_fast.c @@ -471,12 +471,11 @@ static void * eap_fast_init(struct eap_sm *sm) eap_fast_reset(sm, data); return NULL; } - data->srv_id = os_malloc(sm->eap_fast_a_id_len); + data->srv_id = os_memdup(sm->eap_fast_a_id, sm->eap_fast_a_id_len); if (data->srv_id == NULL) { eap_fast_reset(sm, data); return NULL; } - os_memcpy(data->srv_id, sm->eap_fast_a_id, sm->eap_fast_a_id_len); data->srv_id_len = sm->eap_fast_a_id_len; if (sm->eap_fast_a_id_info == NULL) { diff --git a/src/eap_server/eap_server_gpsk.c b/src/eap_server/eap_server_gpsk.c index 94e74ec9b..fb3d11748 100644 --- a/src/eap_server/eap_server_gpsk.c +++ b/src/eap_server/eap_server_gpsk.c @@ -269,13 +269,12 @@ static void eap_gpsk_process_gpsk_2(struct eap_sm *sm, return; } os_free(data->id_peer); - data->id_peer = os_malloc(alen); + data->id_peer = os_memdup(pos, alen); if (data->id_peer == NULL) { wpa_printf(MSG_DEBUG, "EAP-GPSK: Not enough memory to store " "%d-octet ID_Peer", alen); return; } - os_memcpy(data->id_peer, pos, alen); data->id_peer_len = alen; wpa_hexdump_ascii(MSG_DEBUG, "EAP-GPSK: ID_Peer", data->id_peer, data->id_peer_len); @@ -575,10 +574,9 @@ static u8 * eap_gpsk_getKey(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_MSK_LEN); + key = os_memdup(data->msk, EAP_MSK_LEN); if (key == NULL) return NULL; - os_memcpy(key, data->msk, EAP_MSK_LEN); *len = EAP_MSK_LEN; return key; @@ -593,10 +591,9 @@ static u8 * eap_gpsk_get_emsk(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_EMSK_LEN); + key = os_memdup(data->emsk, EAP_EMSK_LEN); if (key == NULL) return NULL; - os_memcpy(key, data->emsk, EAP_EMSK_LEN); *len = EAP_EMSK_LEN; return key; @@ -618,10 +615,9 @@ static u8 * eap_gpsk_get_session_id(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - sid = os_malloc(data->id_len); + sid = os_memdup(data->session_id, data->id_len); if (sid == NULL) return NULL; - os_memcpy(sid, data->session_id, data->id_len); *len = data->id_len; return sid; diff --git a/src/eap_server/eap_server_gtc.c b/src/eap_server/eap_server_gtc.c index 193a8517a..fcccbcbd5 100644 --- a/src/eap_server/eap_server_gtc.c +++ b/src/eap_server/eap_server_gtc.c @@ -141,12 +141,11 @@ static void eap_gtc_process(struct eap_sm *sm, void *priv, } else { os_free(sm->identity); sm->identity_len = pos2 - pos; - sm->identity = os_malloc(sm->identity_len); + sm->identity = os_memdup(pos, sm->identity_len); if (sm->identity == NULL) { data->state = FAILURE; return; } - os_memcpy(sm->identity, pos, sm->identity_len); } if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) { diff --git a/src/eap_server/eap_server_ikev2.c b/src/eap_server/eap_server_ikev2.c index 3a249d141..183341950 100644 --- a/src/eap_server/eap_server_ikev2.c +++ b/src/eap_server/eap_server_ikev2.c @@ -103,10 +103,9 @@ static void * eap_ikev2_init(struct eap_sm *sm) data->ikev2.proposal.encr = ENCR_AES_CBC; data->ikev2.proposal.dh = DH_GROUP2_1024BIT_MODP; - data->ikev2.IDi = os_malloc(sm->server_id_len); + data->ikev2.IDi = os_memdup(sm->server_id, sm->server_id_len); if (data->ikev2.IDi == NULL) goto failed; - os_memcpy(data->ikev2.IDi, sm->server_id, sm->server_id_len); data->ikev2.IDi_len = sm->server_id_len; data->ikev2.get_shared_secret = eap_ikev2_get_shared_secret; diff --git a/src/eap_server/eap_server_mschapv2.c b/src/eap_server/eap_server_mschapv2.c index 460cd9c82..6c47bb636 100644 --- a/src/eap_server/eap_server_mschapv2.c +++ b/src/eap_server/eap_server_mschapv2.c @@ -71,13 +71,12 @@ static void * eap_mschapv2_init(struct eap_sm *sm) } if (sm->peer_challenge) { - data->peer_challenge = os_malloc(CHALLENGE_LEN); + data->peer_challenge = os_memdup(sm->peer_challenge, + CHALLENGE_LEN); if (data->peer_challenge == NULL) { os_free(data); return NULL; } - os_memcpy(data->peer_challenge, sm->peer_challenge, - CHALLENGE_LEN); } return data; diff --git a/src/eap_server/eap_server_pax.c b/src/eap_server/eap_server_pax.c index 782b8c316..325778969 100644 --- a/src/eap_server/eap_server_pax.c +++ b/src/eap_server/eap_server_pax.c @@ -327,13 +327,12 @@ static void eap_pax_process_std_2(struct eap_sm *sm, } data->cid_len = cid_len; os_free(data->cid); - data->cid = os_malloc(data->cid_len); + data->cid = os_memdup(pos + 2, data->cid_len); if (data->cid == NULL) { wpa_printf(MSG_INFO, "EAP-PAX: Failed to allocate memory for " "CID"); return; } - os_memcpy(data->cid, pos + 2, data->cid_len); pos += 2 + data->cid_len; left -= 2 + data->cid_len; wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-PAX: CID", diff --git a/src/eap_server/eap_server_psk.c b/src/eap_server/eap_server_psk.c index 857d42139..0eab89339 100644 --- a/src/eap_server/eap_server_psk.c +++ b/src/eap_server/eap_server_psk.c @@ -236,13 +236,12 @@ static void eap_psk_process_2(struct eap_sm *sm, left -= sizeof(*resp); os_free(data->id_p); - data->id_p = os_malloc(left); + data->id_p = os_memdup(cpos, left); if (data->id_p == NULL) { wpa_printf(MSG_INFO, "EAP-PSK: Failed to allocate memory for " "ID_P"); return; } - os_memcpy(data->id_p, cpos, left); data->id_p_len = left; wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-PSK: ID_P", data->id_p, data->id_p_len); @@ -371,10 +370,9 @@ static void eap_psk_process_4(struct eap_sm *sm, pos += 16; left -= 16; - decrypted = os_malloc(left); + decrypted = os_memdup(pos, left); if (decrypted == NULL) return; - os_memcpy(decrypted, pos, left); if (aes_128_eax_decrypt(data->tek, nonce, sizeof(nonce), wpabuf_head(respData), 22, decrypted, left, @@ -450,10 +448,9 @@ static u8 * eap_psk_getKey(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_MSK_LEN); + key = os_memdup(data->msk, EAP_MSK_LEN); if (key == NULL) return NULL; - os_memcpy(key, data->msk, EAP_MSK_LEN); *len = EAP_MSK_LEN; return key; @@ -468,10 +465,9 @@ static u8 * eap_psk_get_emsk(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_EMSK_LEN); + key = os_memdup(data->emsk, EAP_EMSK_LEN); if (key == NULL) return NULL; - os_memcpy(key, data->emsk, EAP_EMSK_LEN); *len = EAP_EMSK_LEN; return key; diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c index c60539fac..68f0af918 100644 --- a/src/eap_server/eap_server_pwd.c +++ b/src/eap_server/eap_server_pwd.c @@ -1035,11 +1035,10 @@ static u8 * eap_pwd_getkey(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_MSK_LEN); + key = os_memdup(data->msk, EAP_MSK_LEN); if (key == NULL) return NULL; - os_memcpy(key, data->msk, EAP_MSK_LEN); *len = EAP_MSK_LEN; return key; @@ -1054,11 +1053,10 @@ static u8 * eap_pwd_get_emsk(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_EMSK_LEN); + key = os_memdup(data->emsk, EAP_EMSK_LEN); if (key == NULL) return NULL; - os_memcpy(key, data->emsk, EAP_EMSK_LEN); *len = EAP_EMSK_LEN; return key; @@ -1087,11 +1085,10 @@ static u8 * eap_pwd_get_session_id(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - id = os_malloc(1 + SHA256_MAC_LEN); + id = os_memdup(data->session_id, 1 + SHA256_MAC_LEN); if (id == NULL) return NULL; - os_memcpy(id, data->session_id, 1 + SHA256_MAC_LEN); *len = 1 + SHA256_MAC_LEN; return id; diff --git a/src/eap_server/eap_server_sake.c b/src/eap_server/eap_server_sake.c index 84d0e0be4..66183f5f5 100644 --- a/src/eap_server/eap_server_sake.c +++ b/src/eap_server/eap_server_sake.c @@ -326,10 +326,9 @@ static void eap_sake_process_challenge(struct eap_sm *sm, data->peerid = NULL; data->peerid_len = 0; if (attr.peerid) { - data->peerid = os_malloc(attr.peerid_len); + data->peerid = os_memdup(attr.peerid, attr.peerid_len); if (data->peerid == NULL) return; - os_memcpy(data->peerid, attr.peerid, attr.peerid_len); data->peerid_len = attr.peerid_len; } @@ -460,10 +459,9 @@ static u8 * eap_sake_getKey(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_MSK_LEN); + key = os_memdup(data->msk, EAP_MSK_LEN); if (key == NULL) return NULL; - os_memcpy(key, data->msk, EAP_MSK_LEN); *len = EAP_MSK_LEN; return key; @@ -478,10 +476,9 @@ static u8 * eap_sake_get_emsk(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_EMSK_LEN); + key = os_memdup(data->emsk, EAP_EMSK_LEN); if (key == NULL) return NULL; - os_memcpy(key, data->emsk, EAP_EMSK_LEN); *len = EAP_EMSK_LEN; return key; diff --git a/src/eap_server/eap_server_sim.c b/src/eap_server/eap_server_sim.c index 3a6ed795c..10637d4c6 100644 --- a/src/eap_server/eap_server_sim.c +++ b/src/eap_server/eap_server_sim.c @@ -787,10 +787,9 @@ static u8 * eap_sim_getKey(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_SIM_KEYING_DATA_LEN); + key = os_memdup(data->msk, EAP_SIM_KEYING_DATA_LEN); if (key == NULL) return NULL; - os_memcpy(key, data->msk, EAP_SIM_KEYING_DATA_LEN); *len = EAP_SIM_KEYING_DATA_LEN; return key; } @@ -804,10 +803,9 @@ static u8 * eap_sim_get_emsk(struct eap_sm *sm, void *priv, size_t *len) if (data->state != SUCCESS) return NULL; - key = os_malloc(EAP_EMSK_LEN); + key = os_memdup(data->emsk, EAP_EMSK_LEN); if (key == NULL) return NULL; - os_memcpy(key, data->emsk, EAP_EMSK_LEN); *len = EAP_EMSK_LEN; return key; } diff --git a/src/eap_server/eap_server_ttls.c b/src/eap_server/eap_server_ttls.c index 160462952..b14996b0b 100644 --- a/src/eap_server/eap_server_ttls.c +++ b/src/eap_server/eap_server_ttls.c @@ -228,14 +228,13 @@ static int eap_ttls_avp_parse(struct wpabuf *buf, struct eap_ttls_avp *parse) if (vendor_id == 0 && avp_code == RADIUS_ATTR_EAP_MESSAGE) { wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP - EAP Message"); if (parse->eap == NULL) { - parse->eap = os_malloc(dlen); + parse->eap = os_memdup(dpos, dlen); if (parse->eap == NULL) { wpa_printf(MSG_WARNING, "EAP-TTLS: " "failed to allocate memory " "for Phase 2 EAP data"); goto fail; } - os_memcpy(parse->eap, dpos, dlen); parse->eap_len = dlen; } else { u8 *neweap = os_realloc(parse->eap, @@ -1054,12 +1053,11 @@ static void eap_ttls_process_phase2(struct eap_sm *sm, } os_free(sm->identity); - sm->identity = os_malloc(parse.user_name_len); + sm->identity = os_memdup(parse.user_name, parse.user_name_len); if (sm->identity == NULL) { eap_ttls_state(data, FAILURE); goto done; } - os_memcpy(sm->identity, parse.user_name, parse.user_name_len); sm->identity_len = parse.user_name_len; if (eap_user_get(sm, parse.user_name, parse.user_name_len, 1) != 0) { diff --git a/src/eap_server/ikev2.c b/src/eap_server/ikev2.c index 5385cd892..0e9210e67 100644 --- a/src/eap_server/ikev2.c +++ b/src/eap_server/ikev2.c @@ -544,10 +544,9 @@ static int ikev2_process_idr(struct ikev2_initiator_data *data, } os_free(data->IDr); } - data->IDr = os_malloc(idr_len); + data->IDr = os_memdup(idr, idr_len); if (data->IDr == NULL) return -1; - os_memcpy(data->IDr, idr, idr_len); data->IDr_len = idr_len; data->IDr_type = id_type; @@ -1147,10 +1146,9 @@ static struct wpabuf * ikev2_build_sa_auth(struct ikev2_initiator_data *data) return NULL; } else { os_free(data->shared_secret); - data->shared_secret = os_malloc(secret_len); + data->shared_secret = os_memdup(secret, secret_len); if (data->shared_secret == NULL) return NULL; - os_memcpy(data->shared_secret, secret, secret_len); data->shared_secret_len = secret_len; } diff --git a/src/eap_server/tncs.c b/src/eap_server/tncs.c index cfcbd3ed8..942a19576 100644 --- a/src/eap_server/tncs.c +++ b/src/eap_server/tncs.c @@ -161,12 +161,10 @@ static TNC_Result TNC_TNCS_ReportMessageTypes( if (imv == NULL) return TNC_RESULT_INVALID_PARAMETER; os_free(imv->supported_types); - imv->supported_types = - os_malloc(typeCount * sizeof(TNC_MessageType)); + imv->supported_types = os_memdup(supportedTypes, + typeCount * sizeof(TNC_MessageType)); if (imv->supported_types == NULL) return TNC_RESULT_FATAL; - os_memcpy(imv->supported_types, supportedTypes, - typeCount * sizeof(TNC_MessageType)); imv->num_supported_types = typeCount; return TNC_RESULT_SUCCESS; diff --git a/src/eapol_auth/eapol_auth_sm.c b/src/eapol_auth/eapol_auth_sm.c index ff673bb2e..bb50da554 100644 --- a/src/eapol_auth/eapol_auth_sm.c +++ b/src/eapol_auth/eapol_auth_sm.c @@ -1197,30 +1197,27 @@ static int eapol_auth_conf_clone(struct eapol_auth_config *dst, dst->server_id = src->server_id; dst->server_id_len = src->server_id_len; if (src->eap_req_id_text) { - dst->eap_req_id_text = os_malloc(src->eap_req_id_text_len); + dst->eap_req_id_text = os_memdup(src->eap_req_id_text, + src->eap_req_id_text_len); if (dst->eap_req_id_text == NULL) return -1; - os_memcpy(dst->eap_req_id_text, src->eap_req_id_text, - src->eap_req_id_text_len); dst->eap_req_id_text_len = src->eap_req_id_text_len; } else { dst->eap_req_id_text = NULL; dst->eap_req_id_text_len = 0; } if (src->pac_opaque_encr_key) { - dst->pac_opaque_encr_key = os_malloc(16); + dst->pac_opaque_encr_key = os_memdup(src->pac_opaque_encr_key, + 16); if (dst->pac_opaque_encr_key == NULL) goto fail; - os_memcpy(dst->pac_opaque_encr_key, src->pac_opaque_encr_key, - 16); } else dst->pac_opaque_encr_key = NULL; if (src->eap_fast_a_id) { - dst->eap_fast_a_id = os_malloc(src->eap_fast_a_id_len); + dst->eap_fast_a_id = os_memdup(src->eap_fast_a_id, + src->eap_fast_a_id_len); if (dst->eap_fast_a_id == NULL) goto fail; - os_memcpy(dst->eap_fast_a_id, src->eap_fast_a_id, - src->eap_fast_a_id_len); dst->eap_fast_a_id_len = src->eap_fast_a_id_len; } else dst->eap_fast_a_id = NULL; diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c index 77eda064b..1374005f9 100644 --- a/src/p2p/p2p.c +++ b/src/p2p/p2p.c @@ -1173,12 +1173,11 @@ int p2p_find(struct p2p_data *p2p, unsigned int timeout, p2p_free_req_dev_types(p2p); if (req_dev_types && num_req_dev_types) { - p2p->req_dev_types = os_malloc(num_req_dev_types * + p2p->req_dev_types = os_memdup(req_dev_types, + num_req_dev_types * WPS_DEV_TYPE_LEN); if (p2p->req_dev_types == NULL) return -1; - os_memcpy(p2p->req_dev_types, req_dev_types, - num_req_dev_types * WPS_DEV_TYPE_LEN); p2p->num_req_dev_types = num_req_dev_types; } @@ -4818,11 +4817,10 @@ int p2p_set_pref_chan(struct p2p_data *p2p, unsigned int num_pref_chan, struct p2p_channel *n; if (pref_chan) { - n = os_malloc(num_pref_chan * sizeof(struct p2p_channel)); + n = os_memdup(pref_chan, + num_pref_chan * sizeof(struct p2p_channel)); if (n == NULL) return -1; - os_memcpy(n, pref_chan, - num_pref_chan * sizeof(struct p2p_channel)); } else n = NULL; diff --git a/src/radius/radius.c b/src/radius/radius.c index 69dbd48f9..fc98ad69f 100644 --- a/src/radius/radius.c +++ b/src/radius/radius.c @@ -963,10 +963,9 @@ static u8 *radius_msg_get_vendor_attr(struct radius_msg *msg, u32 vendor, } len = vhdr->vendor_length - sizeof(*vhdr); - data = os_malloc(len); + data = os_memdup(pos + sizeof(*vhdr), len); if (data == NULL) return NULL; - os_memcpy(data, pos + sizeof(*vhdr), len); if (alen) *alen = len; return data; @@ -1043,12 +1042,11 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len, return NULL; } - res = os_malloc(plain[0]); + res = os_memdup(plain + 1, plain[0]); if (res == NULL) { os_free(plain); return NULL; } - os_memcpy(res, plain + 1, plain[0]); if (reslen) *reslen = plain[0]; os_free(plain); @@ -1597,10 +1595,9 @@ char * radius_msg_get_tunnel_password(struct radius_msg *msg, int *keylen, goto out; /* alloc writable memory for decryption */ - buf = os_malloc(fdlen); + buf = os_memdup(fdata, fdlen); if (buf == NULL) goto out; - os_memcpy(buf, fdata, fdlen); buflen = fdlen; /* init pointers */ @@ -1687,12 +1684,11 @@ int radius_copy_class(struct radius_class_data *dst, dst->count = 0; for (i = 0; i < src->count; i++) { - dst->attr[i].data = os_malloc(src->attr[i].len); + dst->attr[i].data = os_memdup(src->attr[i].data, + src->attr[i].len); if (dst->attr[i].data == NULL) break; dst->count++; - os_memcpy(dst->attr[i].data, src->attr[i].data, - src->attr[i].len); dst->attr[i].len = src->attr[i].len; } diff --git a/src/radius/radius_das.c b/src/radius/radius_das.c index 8a3d7e032..ed24c192d 100644 --- a/src/radius/radius_das.c +++ b/src/radius/radius_das.c @@ -373,13 +373,12 @@ radius_das_init(struct radius_das_conf *conf) os_memcpy(&das->client_addr, conf->client_addr, sizeof(das->client_addr)); - das->shared_secret = os_malloc(conf->shared_secret_len); + das->shared_secret = os_memdup(conf->shared_secret, + conf->shared_secret_len); if (das->shared_secret == NULL) { radius_das_deinit(das); return NULL; } - os_memcpy(das->shared_secret, conf->shared_secret, - conf->shared_secret_len); das->shared_secret_len = conf->shared_secret_len; das->sock = radius_das_open_socket(conf->port); diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c index e4ac24ff2..8437a9b16 100644 --- a/src/rsn_supp/tdls.c +++ b/src/rsn_supp/tdls.c @@ -285,10 +285,9 @@ static int wpa_tdls_tpk_send(struct wpa_sm *sm, const u8 *dest, u8 action_code, peer->sm_tmr.peer_capab = peer_capab; peer->sm_tmr.buf_len = msg_len; os_free(peer->sm_tmr.buf); - peer->sm_tmr.buf = os_malloc(msg_len); + peer->sm_tmr.buf = os_memdup(msg, msg_len); if (peer->sm_tmr.buf == NULL) return -1; - os_memcpy(peer->sm_tmr.buf, msg, msg_len); wpa_printf(MSG_DEBUG, "TDLS: Retry timeout registered " "(action_code=%u)", action_code); diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 00b7ae207..b1218212c 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -1970,10 +1970,9 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, * Make a copy of the frame since we need to modify the buffer during * MAC validation and Key Data decryption. */ - tmp = os_malloc(data_len); + tmp = os_memdup(buf, data_len); if (tmp == NULL) goto out; - os_memcpy(tmp, buf, data_len); key = (struct wpa_eapol_key *) (tmp + sizeof(struct ieee802_1x_hdr)); mic = (u8 *) (key + 1); key_data = mic + mic_len + 2; @@ -2896,11 +2895,10 @@ int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie, * the correct version of the IE even if PMKSA caching is * aborted (which would remove PMKID from IE generation). */ - sm->assoc_wpa_ie = os_malloc(*wpa_ie_len); + sm->assoc_wpa_ie = os_memdup(wpa_ie, *wpa_ie_len); if (sm->assoc_wpa_ie == NULL) return -1; - os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len); sm->assoc_wpa_ie_len = *wpa_ie_len; } else { wpa_hexdump(MSG_DEBUG, @@ -2936,11 +2934,10 @@ int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) sm->assoc_wpa_ie_len = 0; } else { wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len); - sm->assoc_wpa_ie = os_malloc(len); + sm->assoc_wpa_ie = os_memdup(ie, len); if (sm->assoc_wpa_ie == NULL) return -1; - os_memcpy(sm->assoc_wpa_ie, ie, len); sm->assoc_wpa_ie_len = len; } @@ -2971,11 +2968,10 @@ int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) sm->ap_wpa_ie_len = 0; } else { wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len); - sm->ap_wpa_ie = os_malloc(len); + sm->ap_wpa_ie = os_memdup(ie, len); if (sm->ap_wpa_ie == NULL) return -1; - os_memcpy(sm->ap_wpa_ie, ie, len); sm->ap_wpa_ie_len = len; } @@ -3006,11 +3002,10 @@ int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len) sm->ap_rsn_ie_len = 0; } else { wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len); - sm->ap_rsn_ie = os_malloc(len); + sm->ap_rsn_ie = os_memdup(ie, len); if (sm->ap_rsn_ie == NULL) return -1; - os_memcpy(sm->ap_rsn_ie, ie, len); sm->ap_rsn_ie_len = len; } diff --git a/src/tls/tlsv1_client_read.c b/src/tls/tlsv1_client_read.c index 244c3cb06..e66f1a988 100644 --- a/src/tls/tlsv1_client_read.c +++ b/src/tls/tlsv1_client_read.c @@ -685,10 +685,9 @@ static int tlsv1_process_diffie_hellman(struct tlsv1_client *conn, pos, conn->dh_p_len); goto fail; } - conn->dh_p = os_malloc(conn->dh_p_len); + conn->dh_p = os_memdup(pos, conn->dh_p_len); if (conn->dh_p == NULL) goto fail; - os_memcpy(conn->dh_p, pos, conn->dh_p_len); pos += conn->dh_p_len; wpa_hexdump(MSG_DEBUG, "TLSv1: DH p (prime)", conn->dh_p, conn->dh_p_len); @@ -700,10 +699,9 @@ static int tlsv1_process_diffie_hellman(struct tlsv1_client *conn, if (val == 0 || val > (size_t) (end - pos)) goto fail; conn->dh_g_len = val; - conn->dh_g = os_malloc(conn->dh_g_len); + conn->dh_g = os_memdup(pos, conn->dh_g_len); if (conn->dh_g == NULL) goto fail; - os_memcpy(conn->dh_g, pos, conn->dh_g_len); pos += conn->dh_g_len; wpa_hexdump(MSG_DEBUG, "TLSv1: DH g (generator)", conn->dh_g, conn->dh_g_len); @@ -717,10 +715,9 @@ static int tlsv1_process_diffie_hellman(struct tlsv1_client *conn, if (val == 0 || val > (size_t) (end - pos)) goto fail; conn->dh_ys_len = val; - conn->dh_ys = os_malloc(conn->dh_ys_len); + conn->dh_ys = os_memdup(pos, conn->dh_ys_len); if (conn->dh_ys == NULL) goto fail; - os_memcpy(conn->dh_ys, pos, conn->dh_ys_len); pos += conn->dh_ys_len; wpa_hexdump(MSG_DEBUG, "TLSv1: DH Ys (server's public value)", conn->dh_ys, conn->dh_ys_len); diff --git a/src/tls/tlsv1_cred.c b/src/tls/tlsv1_cred.c index 52c1ae014..842e5dd72 100644 --- a/src/tls/tlsv1_cred.c +++ b/src/tls/tlsv1_cred.c @@ -1166,10 +1166,9 @@ static int tlsv1_set_dhparams_der(struct tlsv1_credentials *cred, if (hdr.length == 0) return -1; os_free(cred->dh_p); - cred->dh_p = os_malloc(hdr.length); + cred->dh_p = os_memdup(hdr.payload, hdr.length); if (cred->dh_p == NULL) return -1; - os_memcpy(cred->dh_p, hdr.payload, hdr.length); cred->dh_p_len = hdr.length; pos = hdr.payload + hdr.length; @@ -1188,10 +1187,9 @@ static int tlsv1_set_dhparams_der(struct tlsv1_credentials *cred, if (hdr.length == 0) return -1; os_free(cred->dh_g); - cred->dh_g = os_malloc(hdr.length); + cred->dh_g = os_memdup(hdr.payload, hdr.length); if (cred->dh_g == NULL) return -1; - os_memcpy(cred->dh_g, hdr.payload, hdr.length); cred->dh_g_len = hdr.length; return 0; diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c index 0d6ee67ab..f80c9a358 100644 --- a/src/tls/x509v3.c +++ b/src/tls/x509v3.c @@ -274,13 +274,12 @@ static int x509_parse_public_key(const u8 *buf, size_t len, */ } os_free(cert->public_key); - cert->public_key = os_malloc(hdr.length - 1); + cert->public_key = os_memdup(pos + 1, hdr.length - 1); if (cert->public_key == NULL) { wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for " "public key"); return -1; } - os_memcpy(cert->public_key, pos + 1, hdr.length - 1); cert->public_key_len = hdr.length - 1; wpa_hexdump(MSG_MSGDUMP, "X509: subjectPublicKey", cert->public_key, cert->public_key_len); @@ -925,10 +924,9 @@ static int x509_parse_alt_name_ip(struct x509_name *name, /* iPAddress OCTET STRING */ wpa_hexdump(MSG_MSGDUMP, "X509: altName - iPAddress", pos, len); os_free(name->ip); - name->ip = os_malloc(len); + name->ip = os_memdup(pos, len); if (name->ip == NULL) return -1; - os_memcpy(name->ip, pos, len); name->ip_len = len; return 0; } @@ -1700,14 +1698,13 @@ struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len) return NULL; } os_free(cert->sign_value); - cert->sign_value = os_malloc(hdr.length - 1); + cert->sign_value = os_memdup(pos + 1, hdr.length - 1); if (cert->sign_value == NULL) { wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for " "signatureValue"); x509_certificate_free(cert); return NULL; } - os_memcpy(cert->sign_value, pos + 1, hdr.length - 1); cert->sign_value_len = hdr.length - 1; wpa_hexdump(MSG_MSGDUMP, "X509: signature", cert->sign_value, cert->sign_value_len); diff --git a/src/utils/http_curl.c b/src/utils/http_curl.c index a06aae8d9..6f993e4b7 100644 --- a/src/utils/http_curl.c +++ b/src/utils/http_curl.c @@ -486,12 +486,11 @@ static void add_logo(struct http_ctx *ctx, struct http_cert *hcert, return; n->hash_len = ASN1_STRING_length(hash->hashValue); - n->hash = os_malloc(n->hash_len); + n->hash = os_memdup(ASN1_STRING_data(hash->hashValue), n->hash_len); if (n->hash == NULL) { os_free(n->alg_oid); return; } - os_memcpy(n->hash, ASN1_STRING_data(hash->hashValue), n->hash_len); len = ASN1_STRING_length(uri); n->uri = os_malloc(len + 1); diff --git a/src/wps/wps.c b/src/wps/wps.c index fade6b690..8d228270f 100644 --- a/src/wps/wps.c +++ b/src/wps/wps.c @@ -51,12 +51,11 @@ struct wps_data * wps_init(const struct wps_config *cfg) } if (cfg->pin) { data->dev_pw_id = cfg->dev_pw_id; - data->dev_password = os_malloc(cfg->pin_len); + data->dev_password = os_memdup(cfg->pin, cfg->pin_len); if (data->dev_password == NULL) { os_free(data); return NULL; } - os_memcpy(data->dev_password, cfg->pin, cfg->pin_len); data->dev_password_len = cfg->pin_len; wpa_hexdump_key(MSG_DEBUG, "WPS: AP PIN dev_password", data->dev_password, data->dev_password_len); @@ -75,14 +74,12 @@ struct wps_data * wps_init(const struct wps_config *cfg) data->dev_pw_id = cfg->wps->ap_nfc_dev_pw_id; data->dev_password = - os_malloc(wpabuf_len(cfg->wps->ap_nfc_dev_pw)); + os_memdup(wpabuf_head(cfg->wps->ap_nfc_dev_pw), + wpabuf_len(cfg->wps->ap_nfc_dev_pw)); if (data->dev_password == NULL) { os_free(data); return NULL; } - os_memcpy(data->dev_password, - wpabuf_head(cfg->wps->ap_nfc_dev_pw), - wpabuf_len(cfg->wps->ap_nfc_dev_pw)); data->dev_password_len = wpabuf_len(cfg->wps->ap_nfc_dev_pw); wpa_hexdump_key(MSG_DEBUG, "WPS: NFC dev_password", data->dev_password, data->dev_password_len); @@ -124,15 +121,14 @@ struct wps_data * wps_init(const struct wps_config *cfg) if (cfg->new_ap_settings) { data->new_ap_settings = - os_malloc(sizeof(*data->new_ap_settings)); + os_memdup(cfg->new_ap_settings, + sizeof(*data->new_ap_settings)); if (data->new_ap_settings == NULL) { bin_clear_free(data->dev_password, data->dev_password_len); os_free(data); return NULL; } - os_memcpy(data->new_ap_settings, cfg->new_ap_settings, - sizeof(*data->new_ap_settings)); } if (cfg->peer_addr) diff --git a/src/wps/wps_er.c b/src/wps/wps_er.c index b840acd92..affd6a4af 100644 --- a/src/wps/wps_er.c +++ b/src/wps/wps_er.c @@ -322,11 +322,10 @@ static int wps_er_ap_use_cached_settings(struct wps_er *er, if (!s) return -1; - ap->ap_settings = os_malloc(sizeof(*ap->ap_settings)); + ap->ap_settings = os_memdup(&s->ap_settings, sizeof(*ap->ap_settings)); if (ap->ap_settings == NULL) return -1; - os_memcpy(ap->ap_settings, &s->ap_settings, sizeof(*ap->ap_settings)); wpa_printf(MSG_DEBUG, "WPS ER: Use cached AP settings"); return 0; } @@ -1958,10 +1957,9 @@ int wps_er_set_config(struct wps_er *er, const u8 *uuid, const u8 *addr, } os_free(ap->ap_settings); - ap->ap_settings = os_malloc(sizeof(*cred)); + ap->ap_settings = os_memdup(cred, sizeof(*cred)); if (ap->ap_settings == NULL) return -1; - os_memcpy(ap->ap_settings, cred, sizeof(*cred)); ap->ap_settings->cred_attr = NULL; wpa_printf(MSG_DEBUG, "WPS ER: Updated local AP settings based set " "config request"); @@ -2018,10 +2016,9 @@ int wps_er_config(struct wps_er *er, const u8 *uuid, const u8 *addr, } os_free(ap->ap_settings); - ap->ap_settings = os_malloc(sizeof(*cred)); + ap->ap_settings = os_memdup(cred, sizeof(*cred)); if (ap->ap_settings == NULL) return -1; - os_memcpy(ap->ap_settings, cred, sizeof(*cred)); ap->ap_settings->cred_attr = NULL; if (wps_er_send_get_device_info(ap, wps_er_ap_config_m1) < 0) diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c index fac8bd837..def2ad690 100644 --- a/src/wps/wps_registrar.c +++ b/src/wps/wps_registrar.c @@ -748,12 +748,11 @@ int wps_registrar_add_pin(struct wps_registrar *reg, const u8 *addr, p->wildcard_uuid = 1; else os_memcpy(p->uuid, uuid, WPS_UUID_LEN); - p->pin = os_malloc(pin_len); + p->pin = os_memdup(pin, pin_len); if (p->pin == NULL) { os_free(p); return -1; } - os_memcpy(p->pin, pin, pin_len); p->pin_len = pin_len; if (timeout) { @@ -1404,10 +1403,9 @@ static int wps_get_dev_password(struct wps_data *wps) return -1; } - wps->dev_password = os_malloc(pin_len); + wps->dev_password = os_memdup(pin, pin_len); if (wps->dev_password == NULL) return -1; - os_memcpy(wps->dev_password, pin, pin_len); wps->dev_password_len = pin_len; return 0; diff --git a/wlantest/rx_eapol.c b/wlantest/rx_eapol.c index e04e5aa00..aa0566ded 100644 --- a/wlantest/rx_eapol.c +++ b/wlantest/rx_eapol.c @@ -41,10 +41,9 @@ static int check_mic(const u8 *kck, size_t kck_len, int akmp, int ver, u8 rx_mic[WPA_EAPOL_KEY_MIC_MAX_LEN]; size_t mic_len = wpa_mic_len(akmp); - buf = os_malloc(len); + buf = os_memdup(data, len); if (buf == NULL) return -1; - os_memcpy(buf, data, len); hdr = (struct ieee802_1x_hdr *) buf; key = (struct wpa_eapol_key *) (hdr + 1); @@ -355,13 +354,12 @@ static u8 * decrypt_eapol_key_data_rc4(struct wlantest *wt, const u8 *kek, { u8 ek[32], *buf; - buf = os_malloc(keydatalen); + buf = os_memdup(keydata, keydatalen); if (buf == NULL) return NULL; os_memcpy(ek, hdr->key_iv, 16); os_memcpy(ek + 16, kek, 16); - os_memcpy(buf, keydata, keydatalen); if (rc4_skip(ek, 32, 256, buf, keydatalen)) { add_note(wt, MSG_INFO, "RC4 failed"); os_free(buf); diff --git a/wlantest/tkip.c b/wlantest/tkip.c index 63366d5e2..d616d4308 100644 --- a/wlantest/tkip.c +++ b/wlantest/tkip.c @@ -318,10 +318,9 @@ u8 * tkip_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, wpa_hexdump(MSG_EXCESSIVE, "TKIP RC4KEY", rc4key, sizeof(rc4key)); plain_len = data_len - 8; - plain = os_malloc(plain_len); + plain = os_memdup(data + 8, plain_len); if (plain == NULL) return NULL; - os_memcpy(plain, data + 8, plain_len); wep_crypt(rc4key, plain, plain_len); icv = crc32(plain, plain_len - 4); diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c index 1721d6a62..f2edb4f06 100644 --- a/wpa_supplicant/ap.c +++ b/wpa_supplicant/ap.c @@ -318,11 +318,10 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s, for (i = 0; i < NUM_WEP_KEYS; i++) { if (ssid->wep_key_len[i] == 0) continue; - wep->key[i] = os_malloc(ssid->wep_key_len[i]); + wep->key[i] = os_memdup(ssid->wep_key[i], + ssid->wep_key_len[i]); if (wep->key[i] == NULL) return -1; - os_memcpy(wep->key[i], ssid->wep_key[i], - ssid->wep_key_len[i]); wep->len[i] = ssid->wep_key_len[i]; } wep->idx = ssid->wep_tx_keyidx; diff --git a/wpa_supplicant/config_winreg.c b/wpa_supplicant/config_winreg.c index 82ba3b015..6bea59760 100644 --- a/wpa_supplicant/config_winreg.c +++ b/wpa_supplicant/config_winreg.c @@ -99,13 +99,12 @@ static int wpa_config_read_blobs(struct wpa_config *config, HKEY hk) break; } blob->name = os_strdup((char *) name); - blob->data = os_malloc(datalen); + blob->data = os_memdup(data, datalen); if (blob->name == NULL || blob->data == NULL) { wpa_config_free_blob(blob); errors++; break; } - os_memcpy(blob->data, data, datalen); blob->len = datalen; wpa_config_set_blob(config, blob); diff --git a/wpa_supplicant/ctrl_iface_named_pipe.c b/wpa_supplicant/ctrl_iface_named_pipe.c index 54e0e2fac..9c0a47e63 100644 --- a/wpa_supplicant/ctrl_iface_named_pipe.c +++ b/wpa_supplicant/ctrl_iface_named_pipe.c @@ -319,13 +319,12 @@ static void wpa_supplicant_ctrl_iface_rx(struct wpa_ctrl_dst *dst, size_t len) } os_free(dst->rsp_buf); - dst->rsp_buf = os_malloc(send_len); + dst->rsp_buf = os_memdup(send_buf, send_len); if (dst->rsp_buf == NULL) { ctrl_close_pipe(dst); os_free(reply); return; } - os_memcpy(dst->rsp_buf, send_buf, send_len); os_free(reply); if (!WriteFileEx(dst->pipe, dst->rsp_buf, send_len, &dst->overlap, @@ -739,13 +738,12 @@ static void wpa_supplicant_global_iface_rx(struct wpa_global_dst *dst, } os_free(dst->rsp_buf); - dst->rsp_buf = os_malloc(send_len); + dst->rsp_buf = os_memdup(send_buf, send_len); if (dst->rsp_buf == NULL) { global_close_pipe(dst); os_free(reply); return; } - os_memcpy(dst->rsp_buf, send_buf, send_len); os_free(reply); if (!WriteFileEx(dst->pipe, dst->rsp_buf, send_len, &dst->overlap, diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c index 5fca4a758..56e6aab97 100644 --- a/wpa_supplicant/dbus/dbus_new_handlers.c +++ b/wpa_supplicant/dbus/dbus_new_handlers.c @@ -1076,12 +1076,11 @@ static int wpas_dbus_get_scan_ssids(DBusMessage *message, DBusMessageIter *var, } if (len != 0) { - ssid = os_malloc(len); + ssid = os_memdup(val, len); if (ssid == NULL) { *reply = wpas_dbus_error_no_memory(message); return -1; } - os_memcpy(ssid, val, len); } else { /* Allow zero-length SSIDs */ ssid = NULL; @@ -1927,13 +1926,12 @@ DBusMessage * wpas_dbus_handler_add_blob(DBusMessage *message, goto err; } - blob->data = os_malloc(blob_len); + blob->data = os_memdup(blob_data, blob_len); blob->name = os_strdup(blob_name); if (!blob->data || !blob->name) { reply = wpas_dbus_error_no_memory(message); goto err; } - os_memcpy(blob->data, blob_data, blob_len); blob->len = blob_len; wpa_config_set_blob(wpa_s->conf, blob); diff --git a/wpa_supplicant/hs20_supplicant.c b/wpa_supplicant/hs20_supplicant.c index e88f147bb..cbcbc95ce 100644 --- a/wpa_supplicant/hs20_supplicant.c +++ b/wpa_supplicant/hs20_supplicant.c @@ -429,10 +429,9 @@ static int hs20_process_icon_binary_file(struct wpa_supplicant *wpa_s, dl_list_for_each(icon, &wpa_s->icon_head, struct icon_entry, list) { if (icon->dialog_token == dialog_token && !icon->image && os_memcmp(icon->bssid, sa, ETH_ALEN) == 0) { - icon->image = os_malloc(slen); + icon->image = os_memdup(pos, slen); if (!icon->image) return -1; - os_memcpy(icon->image, pos, slen); icon->image_len = slen; hs20_remove_duplicate_icons(wpa_s, icon); wpa_msg(wpa_s, MSG_INFO, diff --git a/wpa_supplicant/ibss_rsn.c b/wpa_supplicant/ibss_rsn.c index 954061ae4..e5e68626d 100644 --- a/wpa_supplicant/ibss_rsn.c +++ b/wpa_supplicant/ibss_rsn.c @@ -760,10 +760,9 @@ static int ibss_rsn_process_rx_eapol(struct ibss_rsn *ibss_rsn, if (supp < 0) return -1; - tmp = os_malloc(len); + tmp = os_memdup(buf, len); if (tmp == NULL) return -1; - os_memcpy(tmp, buf, len); if (supp) { peer->authentication_status |= IBSS_RSN_AUTH_EAPOL_BY_PEER; wpa_printf(MSG_DEBUG, "RSN: IBSS RX EAPOL for Supplicant from " diff --git a/wpa_supplicant/mesh.c b/wpa_supplicant/mesh.c index d7d6455c1..01b657e33 100644 --- a/wpa_supplicant/mesh.c +++ b/wpa_supplicant/mesh.c @@ -259,11 +259,10 @@ static int wpa_supplicant_mesh_init(struct wpa_supplicant *wpa_s, * advertised in beacons match the one in peering frames, sigh. */ if (conf->hw_mode == HOSTAPD_MODE_IEEE80211G) { - conf->basic_rates = os_malloc(sizeof(basic_rates_erp)); + conf->basic_rates = os_memdup(basic_rates_erp, + sizeof(basic_rates_erp)); if (!conf->basic_rates) goto out_free; - os_memcpy(conf->basic_rates, basic_rates_erp, - sizeof(basic_rates_erp)); } } else { rate_len = 0; @@ -306,11 +305,10 @@ static int wpa_supplicant_mesh_init(struct wpa_supplicant *wpa_s, wpas_mesh_copy_groups(bss, wpa_s); } else { bss->conf->sae_groups = - os_malloc(sizeof(default_groups)); + os_memdup(default_groups, + sizeof(default_groups)); if (!bss->conf->sae_groups) goto out_free; - os_memcpy(bss->conf->sae_groups, default_groups, - sizeof(default_groups)); } len = os_strlen(ssid->passphrase); diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c index f59f5e860..d19531a3d 100644 --- a/wpa_supplicant/scan.c +++ b/wpa_supplicant/scan.c @@ -2341,11 +2341,10 @@ wpa_scan_clone_params(const struct wpa_driver_scan_params *src) for (i = 0; i < src->num_ssids; i++) { if (src->ssids[i].ssid) { - n = os_malloc(src->ssids[i].ssid_len); + n = os_memdup(src->ssids[i].ssid, + src->ssids[i].ssid_len); if (n == NULL) goto failed; - os_memcpy(n, src->ssids[i].ssid, - src->ssids[i].ssid_len); params->ssids[i].ssid = n; params->ssids[i].ssid_len = src->ssids[i].ssid_len; } @@ -2353,30 +2352,26 @@ wpa_scan_clone_params(const struct wpa_driver_scan_params *src) params->num_ssids = src->num_ssids; if (src->extra_ies) { - n = os_malloc(src->extra_ies_len); + n = os_memdup(src->extra_ies, src->extra_ies_len); if (n == NULL) goto failed; - os_memcpy(n, src->extra_ies, src->extra_ies_len); params->extra_ies = n; params->extra_ies_len = src->extra_ies_len; } if (src->freqs) { int len = int_array_len(src->freqs); - params->freqs = os_malloc((len + 1) * sizeof(int)); + params->freqs = os_memdup(src->freqs, (len + 1) * sizeof(int)); if (params->freqs == NULL) goto failed; - os_memcpy(params->freqs, src->freqs, (len + 1) * sizeof(int)); } if (src->filter_ssids) { - params->filter_ssids = os_malloc(sizeof(*params->filter_ssids) * + params->filter_ssids = os_memdup(src->filter_ssids, + sizeof(*params->filter_ssids) * src->num_filter_ssids); if (params->filter_ssids == NULL) goto failed; - os_memcpy(params->filter_ssids, src->filter_ssids, - sizeof(*params->filter_ssids) * - src->num_filter_ssids); params->num_filter_ssids = src->num_filter_ssids; } @@ -2389,14 +2384,12 @@ wpa_scan_clone_params(const struct wpa_driver_scan_params *src) if (src->sched_scan_plans_num > 0) { params->sched_scan_plans = - os_malloc(sizeof(*src->sched_scan_plans) * + os_memdup(src->sched_scan_plans, + sizeof(*src->sched_scan_plans) * src->sched_scan_plans_num); if (!params->sched_scan_plans) goto failed; - os_memcpy(params->sched_scan_plans, src->sched_scan_plans, - sizeof(*src->sched_scan_plans) * - src->sched_scan_plans_num); params->sched_scan_plans_num = src->sched_scan_plans_num; } @@ -2421,10 +2414,9 @@ wpa_scan_clone_params(const struct wpa_driver_scan_params *src) if (src->bssid) { u8 *bssid; - bssid = os_malloc(ETH_ALEN); + bssid = os_memdup(src->bssid, ETH_ALEN); if (!bssid) goto failed; - os_memcpy(bssid, src->bssid, ETH_ALEN); params->bssid = bssid; } diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c index c2fc5f9ec..84d02c38c 100644 --- a/wpa_supplicant/sme.c +++ b/wpa_supplicant/sme.c @@ -1167,10 +1167,9 @@ int sme_update_ft_ies(struct wpa_supplicant *wpa_s, const u8 *md, os_memcpy(wpa_s->sme.mobility_domain, md, MOBILITY_DOMAIN_ID_LEN); wpa_hexdump(MSG_DEBUG, "SME: FT IEs", ies, ies_len); os_free(wpa_s->sme.ft_ies); - wpa_s->sme.ft_ies = os_malloc(ies_len); + wpa_s->sme.ft_ies = os_memdup(ies, ies_len); if (wpa_s->sme.ft_ies == NULL) return -1; - os_memcpy(wpa_s->sme.ft_ies, ies, ies_len); wpa_s->sme.ft_ies_len = ies_len; return 0; } diff --git a/wpa_supplicant/wmm_ac.c b/wpa_supplicant/wmm_ac.c index 5625d3663..a88cc46f3 100644 --- a/wpa_supplicant/wmm_ac.c +++ b/wpa_supplicant/wmm_ac.c @@ -87,13 +87,10 @@ static int wmm_ac_add_ts(struct wpa_supplicant *wpa_s, const u8 *addr, } /* copy tspec */ - _tspec = os_malloc(sizeof(*_tspec)); + _tspec = os_memdup(tspec, sizeof(*_tspec)); if (!_tspec) return -1; - /* store the admitted TSPEC */ - os_memcpy(_tspec, tspec, sizeof(*_tspec)); - if (dir != WMM_AC_DIR_DOWNLINK) { ret = wpa_drv_add_ts(wpa_s, tsid, addr, up, admitted_time); wpa_printf(MSG_DEBUG, diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c index 9bcb039a4..f7200bf2b 100644 --- a/wpa_supplicant/wnm_sta.c +++ b/wpa_supplicant/wnm_sta.c @@ -85,12 +85,11 @@ int ieee802_11_send_wnmsleep_req(struct wpa_supplicant *wpa_s, /* TFS IE(s) */ if (tfs_req) { wnmtfs_ie_len = wpabuf_len(tfs_req); - wnmtfs_ie = os_malloc(wnmtfs_ie_len); + wnmtfs_ie = os_memdup(wpabuf_head(tfs_req), wnmtfs_ie_len); if (wnmtfs_ie == NULL) { os_free(wnmsleep_ie); return -1; } - os_memcpy(wnmtfs_ie, wpabuf_head(tfs_req), wnmtfs_ie_len); } else { wnmtfs_ie = os_zalloc(MAX_TFS_IE_LEN); if (wnmtfs_ie == NULL) { diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c index 74a420c67..78c455e75 100644 --- a/wpa_supplicant/wps_supplicant.c +++ b/wpa_supplicant/wps_supplicant.c @@ -1027,10 +1027,9 @@ static struct wpa_ssid * wpas_wps_add_network(struct wpa_supplicant *wpa_s, continue; os_free(ssid->ssid); - ssid->ssid = os_malloc(bss->ssid_len); + ssid->ssid = os_memdup(bss->ssid, bss->ssid_len); if (ssid->ssid == NULL) break; - os_memcpy(ssid->ssid, bss->ssid, bss->ssid_len); ssid->ssid_len = bss->ssid_len; wpa_hexdump_ascii(MSG_DEBUG, "WPS: Picked SSID from " "scan results",