[PATCH] wpa_supplicant: fix 2 memory leaks in ieee802_1x_create_preshared_mka()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



in case MKA is initialized successfully, local copies of CAK and CKN are
allocated, but never freed: ensure that such memory is released also when
ieee802_1x_kay_create_mka() returns a valid pointer.

Fixes: ad51731abf06 ("wpa_supplicant: Allow pre-shared (CAK,CKN) pair for MKA")
Signed-off-by: Davide Caratti <davide.caratti@xxxxxxxxx>
---
 wpa_supplicant/wpas_kay.c | 32 +++++++++++++++-----------------
 1 file changed, 15 insertions(+), 17 deletions(-)

diff --git a/wpa_supplicant/wpas_kay.c b/wpa_supplicant/wpas_kay.c
index 11708b8a6..d3d06b8ae 100644
--- a/wpa_supplicant/wpas_kay.c
+++ b/wpa_supplicant/wpas_kay.c
@@ -392,25 +392,25 @@ void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
 {
 	struct mka_key *cak;
 	struct mka_key_name *ckn;
-	void *res;
+	void *res = NULL;
 
 	if ((ssid->mka_psk_set & MKA_PSK_SET) != MKA_PSK_SET)
-		return NULL;
-
-	if (ieee802_1x_alloc_kay_sm(wpa_s, ssid) < 0)
-		return NULL;
-
-	if (!wpa_s->kay || wpa_s->kay->policy == DO_NOT_SECURE)
-		return NULL;
+		goto end;
 
 	ckn = os_zalloc(sizeof(*ckn));
 	if (!ckn)
-		goto dealloc;
+		goto end;
 
 	cak = os_zalloc(sizeof(*cak));
 	if (!cak)
 		goto free_ckn;
 
+	if (ieee802_1x_alloc_kay_sm(wpa_s, ssid) < 0 || !wpa_s->kay)
+		goto free_cak;
+
+	if (wpa_s->kay->policy == DO_NOT_SECURE)
+		goto dealloc;
+
 	cak->len = MACSEC_CAK_LEN;
 	os_memcpy(cak->key, ssid->mka_cak, cak->len);
 
@@ -419,17 +419,15 @@ void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
 
 	res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0, PSK, FALSE);
 	if (res)
-		return res;
+		goto free_cak;
 
+dealloc:
 	/* Failed to create MKA */
+	ieee802_1x_dealloc_kay_sm(wpa_s);
+free_cak:
 	os_free(cak);
-
-	/* fallthrough */
-
 free_ckn:
 	os_free(ckn);
-dealloc:
-	ieee802_1x_dealloc_kay_sm(wpa_s);
-
-	return NULL;
+end:
+	return res;
 }
-- 
2.14.3


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux