[PATCH] wpa_supplicant: fix 2 memory leaks in ieee802_1x_create_preshared_mka()
Davide Caratti
davide.caratti at gmail.com
Thu Mar 8 08:15:02 PST 2018
in case MKA is initialized successfully, local copies of CAK and CKN are
allocated, but never freed: ensure that such memory is released also when
ieee802_1x_kay_create_mka() returns a valid pointer.
Fixes: ad51731abf06 ("wpa_supplicant: Allow pre-shared (CAK,CKN) pair for MKA")
Signed-off-by: Davide Caratti <davide.caratti at gmail.com>
---
wpa_supplicant/wpas_kay.c | 32 +++++++++++++++-----------------
1 file changed, 15 insertions(+), 17 deletions(-)
diff --git a/wpa_supplicant/wpas_kay.c b/wpa_supplicant/wpas_kay.c
index 11708b8a6..d3d06b8ae 100644
--- a/wpa_supplicant/wpas_kay.c
+++ b/wpa_supplicant/wpas_kay.c
@@ -392,25 +392,25 @@ void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
{
struct mka_key *cak;
struct mka_key_name *ckn;
- void *res;
+ void *res = NULL;
if ((ssid->mka_psk_set & MKA_PSK_SET) != MKA_PSK_SET)
- return NULL;
-
- if (ieee802_1x_alloc_kay_sm(wpa_s, ssid) < 0)
- return NULL;
-
- if (!wpa_s->kay || wpa_s->kay->policy == DO_NOT_SECURE)
- return NULL;
+ goto end;
ckn = os_zalloc(sizeof(*ckn));
if (!ckn)
- goto dealloc;
+ goto end;
cak = os_zalloc(sizeof(*cak));
if (!cak)
goto free_ckn;
+ if (ieee802_1x_alloc_kay_sm(wpa_s, ssid) < 0 || !wpa_s->kay)
+ goto free_cak;
+
+ if (wpa_s->kay->policy == DO_NOT_SECURE)
+ goto dealloc;
+
cak->len = MACSEC_CAK_LEN;
os_memcpy(cak->key, ssid->mka_cak, cak->len);
@@ -419,17 +419,15 @@ void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0, PSK, FALSE);
if (res)
- return res;
+ goto free_cak;
+dealloc:
/* Failed to create MKA */
+ ieee802_1x_dealloc_kay_sm(wpa_s);
+free_cak:
os_free(cak);
-
- /* fallthrough */
-
free_ckn:
os_free(ckn);
-dealloc:
- ieee802_1x_dealloc_kay_sm(wpa_s);
-
- return NULL;
+end:
+ return res;
}
--
2.14.3
More information about the Hostap
mailing list