|
 |
8f4474 |
From 22151b111b493d4604c9490327c40fdac7bc4b37 Mon Sep 17 00:00:00 2001
|
|
|
8f4474 |
Message-Id: <22151b111b493d4604c9490327c40fdac7bc4b37.1525684664.git.davide.caratti@gmail.com>
|
|
|
8f4474 |
From: Davide Caratti <davide.caratti@gmail.com>
|
|
|
8f4474 |
Date: Thu, 8 Mar 2018 17:15:02 +0100
|
|
|
8f4474 |
Subject: [PATCH] wpa_supplicant: Fix memory leaks in
|
|
|
8f4474 |
ieee802_1x_create_preshared_mka()
|
|
|
8f4474 |
|
|
|
8f4474 |
In case MKA is initialized successfully, local copies of CAK and CKN
|
|
|
8f4474 |
were allocated, but never freed. Ensure that such memory is released
|
|
|
8f4474 |
also when ieee802_1x_kay_create_mka() returns a valid pointer.
|
|
|
8f4474 |
|
|
|
8f4474 |
Fixes: ad51731abf06 ("wpa_supplicant: Allow pre-shared (CAK,CKN) pair for MKA")
|
|
|
8f4474 |
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
|
|
|
8f4474 |
---
|
|
|
8f4474 |
wpa_supplicant/wpas_kay.c | 32 +++++++++++++++-----------------
|
|
|
8f4474 |
1 file changed, 15 insertions(+), 17 deletions(-)
|
|
|
8f4474 |
|
|
|
8f4474 |
diff --git a/wpa_supplicant/wpas_kay.c b/wpa_supplicant/wpas_kay.c
|
|
|
8f4474 |
index 11708b8a6..d3d06b8ae 100644
|
|
|
8f4474 |
--- a/wpa_supplicant/wpas_kay.c
|
|
|
8f4474 |
+++ b/wpa_supplicant/wpas_kay.c
|
|
|
8f4474 |
@@ -392,25 +392,25 @@ void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
|
|
|
8f4474 |
{
|
|
|
8f4474 |
struct mka_key *cak;
|
|
|
8f4474 |
struct mka_key_name *ckn;
|
|
|
8f4474 |
- void *res;
|
|
|
8f4474 |
+ void *res = NULL;
|
|
|
8f4474 |
|
|
|
8f4474 |
if ((ssid->mka_psk_set & MKA_PSK_SET) != MKA_PSK_SET)
|
|
|
8f4474 |
- return NULL;
|
|
|
8f4474 |
-
|
|
|
8f4474 |
- if (ieee802_1x_alloc_kay_sm(wpa_s, ssid) < 0)
|
|
|
8f4474 |
- return NULL;
|
|
|
8f4474 |
-
|
|
|
8f4474 |
- if (!wpa_s->kay || wpa_s->kay->policy == DO_NOT_SECURE)
|
|
|
8f4474 |
- return NULL;
|
|
|
8f4474 |
+ goto end;
|
|
|
8f4474 |
|
|
|
8f4474 |
ckn = os_zalloc(sizeof(*ckn));
|
|
|
8f4474 |
if (!ckn)
|
|
|
8f4474 |
- goto dealloc;
|
|
|
8f4474 |
+ goto end;
|
|
|
8f4474 |
|
|
|
8f4474 |
cak = os_zalloc(sizeof(*cak));
|
|
|
8f4474 |
if (!cak)
|
|
|
8f4474 |
goto free_ckn;
|
|
|
8f4474 |
|
|
|
8f4474 |
+ if (ieee802_1x_alloc_kay_sm(wpa_s, ssid) < 0 || !wpa_s->kay)
|
|
|
8f4474 |
+ goto free_cak;
|
|
|
8f4474 |
+
|
|
|
8f4474 |
+ if (wpa_s->kay->policy == DO_NOT_SECURE)
|
|
|
8f4474 |
+ goto dealloc;
|
|
|
8f4474 |
+
|
|
|
8f4474 |
cak->len = MACSEC_CAK_LEN;
|
|
|
8f4474 |
os_memcpy(cak->key, ssid->mka_cak, cak->len);
|
|
|
8f4474 |
|
|
|
8f4474 |
@@ -419,17 +419,15 @@ void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
|
|
|
8f4474 |
|
|
|
8f4474 |
res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0, PSK, FALSE);
|
|
|
8f4474 |
if (res)
|
|
|
8f4474 |
- return res;
|
|
|
8f4474 |
+ goto free_cak;
|
|
|
8f4474 |
|
|
|
8f4474 |
+dealloc:
|
|
|
8f4474 |
/* Failed to create MKA */
|
|
|
8f4474 |
+ ieee802_1x_dealloc_kay_sm(wpa_s);
|
|
|
8f4474 |
+free_cak:
|
|
|
8f4474 |
os_free(cak);
|
|
|
8f4474 |
-
|
|
|
8f4474 |
- /* fallthrough */
|
|
|
8f4474 |
-
|
|
|
8f4474 |
free_ckn:
|
|
|
8f4474 |
os_free(ckn);
|
|
|
8f4474 |
-dealloc:
|
|
|
8f4474 |
- ieee802_1x_dealloc_kay_sm(wpa_s);
|
|
|
8f4474 |
-
|
|
|
8f4474 |
- return NULL;
|
|
|
8f4474 |
+end:
|
|
|
8f4474 |
+ return res;
|
|
|
8f4474 |
}
|
|
|
8f4474 |
--
|
|
|
8f4474 |
2.14.3
|
|
|
8f4474 |
|