On Sun, Sep 15, 2019 at 10:08:22PM +0200, Alexander Wetzel wrote: > @@ -3045,26 +3046,31 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss, > + key_msg = nlmsg_alloc(); ... > + if (nla_put_u8(key_msg, NL80211_KEY_IDX, key_idx) || > + nla_put_nested(msg, NL80211_ATTR_KEY, key_msg)) > goto fail; ... > + key_msg = nlmsg_alloc(); This seems to leak memory (that nla_put_nested() used key_msg, but did not free it). And also leave in key information in heap. > + if (nla_put_nested(msg, NL80211_ATTR_KEY, key_msg)) > + goto fail; > + > ret = send_and_recv_msgs(drv, msg, NULL, NULL); Same here. > +fail2: > + nl80211_nlmsg_clear(key_msg); > + nlmsg_free(key_msg); These need to be done in the success cases as well. No need to send this patch again because of this, though, since I've already addressed that in my work version. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
