rpms / wpa_supplicant

Clone
Source Code
GIT

Blame SOURCES/rh1500442-wpa_supplicant-Fix-memory-leaks-in-ieee802_1x_create.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c7-ppc64le c8 c8-beta c8s c9 c9-beta
  1.   c7-beta
  2.   SOURCES
  3.   rh1500442-wpa_supplicant-Fix-memory-leaks-in-ieee802_1x_create.patch
Blob History Raw
41389a 
From 22151b111b493d4604c9490327c40fdac7bc4b37 Mon Sep 17 00:00:00 2001
41389a 
Message-Id: <22151b111b493d4604c9490327c40fdac7bc4b37.1525684664.git.davide.caratti@gmail.com>
41389a 
From: Davide Caratti <davide.caratti@gmail.com>
41389a 
Date: Thu, 8 Mar 2018 17:15:02 +0100
41389a 
Subject: [PATCH] wpa_supplicant: Fix memory leaks in
41389a 
 ieee802_1x_create_preshared_mka()
41389a
41389a 
In case MKA is initialized successfully, local copies of CAK and CKN
41389a 
were allocated, but never freed. Ensure that such memory is released
41389a 
also when ieee802_1x_kay_create_mka() returns a valid pointer.
41389a
41389a 
Fixes: ad51731abf06 ("wpa_supplicant: Allow pre-shared (CAK,CKN) pair for MKA")
41389a 
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
41389a 
---
41389a 
 wpa_supplicant/wpas_kay.c | 32 +++++++++++++++-----------------
41389a 
 1 file changed, 15 insertions(+), 17 deletions(-)
41389a
41389a 
diff --git a/wpa_supplicant/wpas_kay.c b/wpa_supplicant/wpas_kay.c
41389a 
index 11708b8a6..d3d06b8ae 100644
41389a 
--- a/wpa_supplicant/wpas_kay.c
41389a 
+++ b/wpa_supplicant/wpas_kay.c
41389a 
@@ -392,25 +392,25 @@ void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
41389a 
 {
41389a 
 	struct mka_key *cak;
41389a 
 	struct mka_key_name *ckn;
41389a 
-	void *res;
41389a 
+	void *res = NULL;
41389a
41389a 
 	if ((ssid->mka_psk_set & MKA_PSK_SET) != MKA_PSK_SET)
41389a 
-		return NULL;
41389a 
-
41389a 
-	if (ieee802_1x_alloc_kay_sm(wpa_s, ssid) < 0)
41389a 
-		return NULL;
41389a 
-
41389a 
-	if (!wpa_s->kay || wpa_s->kay->policy == DO_NOT_SECURE)
41389a 
-		return NULL;
41389a 
+		goto end;
41389a
41389a 
 	ckn = os_zalloc(sizeof(*ckn));
41389a 
 	if (!ckn)
41389a 
-		goto dealloc;
41389a 
+		goto end;
41389a
41389a 
 	cak = os_zalloc(sizeof(*cak));
41389a 
 	if (!cak)
41389a 
 		goto free_ckn;
41389a
41389a 
+	if (ieee802_1x_alloc_kay_sm(wpa_s, ssid) < 0 || !wpa_s->kay)
41389a 
+		goto free_cak;
41389a 
+
41389a 
+	if (wpa_s->kay->policy == DO_NOT_SECURE)
41389a 
+		goto dealloc;
41389a 
+
41389a 
 	cak->len = MACSEC_CAK_LEN;
41389a 
 	os_memcpy(cak->key, ssid->mka_cak, cak->len);
41389a
41389a 
@@ -419,17 +419,15 @@ void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
41389a
41389a 
 	res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0, PSK, FALSE);
41389a 
 	if (res)
41389a 
-		return res;
41389a 
+		goto free_cak;
41389a
41389a 
+dealloc:
41389a 
 	/* Failed to create MKA */
41389a 
+	ieee802_1x_dealloc_kay_sm(wpa_s);
41389a 
+free_cak:
41389a 
 	os_free(cak);
41389a 
-
41389a 
-	/* fallthrough */
41389a 
-
41389a 
 free_ckn:
41389a 
 	os_free(ckn);
41389a 
-dealloc:
41389a 
-	ieee802_1x_dealloc_kay_sm(wpa_s);
41389a 
-
41389a 
-	return NULL;
41389a 
+end:
41389a 
+	return res;
41389a 
 }
41389a 
--
41389a 
2.14.3
41389a

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation