mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
RADIUS server: Fix error paths in new session creation
radius_server_session_free() does not remove the session from the session list and these radius_server_get_new_session() error paths ended up leaving a pointer to freed memory into the session list. This resulted in the following operations failing due to use of freed memory. Fix this by using radius_server_session_remove() which removes the entry from the list in addition to calling radius_server_session_free(). Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
a47f214e3f
commit
de01f254a6
@ -662,14 +662,14 @@ radius_server_get_new_session(struct radius_server_data *data,
|
||||
|
||||
sess->username = os_malloc(user_len * 4 + 1);
|
||||
if (sess->username == NULL) {
|
||||
radius_server_session_free(data, sess);
|
||||
radius_server_session_remove(data, sess);
|
||||
return NULL;
|
||||
}
|
||||
printf_encode(sess->username, user_len * 4 + 1, user, user_len);
|
||||
|
||||
sess->nas_ip = os_strdup(from_addr);
|
||||
if (sess->nas_ip == NULL) {
|
||||
radius_server_session_free(data, sess);
|
||||
radius_server_session_remove(data, sess);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -702,7 +702,7 @@ radius_server_get_new_session(struct radius_server_data *data,
|
||||
if (sess->eap == NULL) {
|
||||
RADIUS_DEBUG("Failed to initialize EAP state machine for the "
|
||||
"new session");
|
||||
radius_server_session_free(data, sess);
|
||||
radius_server_session_remove(data, sess);
|
||||
return NULL;
|
||||
}
|
||||
sess->eap_if = eap_get_interface(sess->eap);
|
||||
|
Loading…
Reference in New Issue
Block a user