From 2b2b6185e4fed2779ffcb11b36184a2e7dda2bd6 Mon Sep 17 00:00:00 2001
From: Denis Kenzior <denkenz@gmail.com>
Date: Mon, 8 Feb 2021 15:56:30 -0600
Subject: [PATCH] eap-tls: Fix potential memory leak

client-cert might be leaked if ClientKey loading fails
---
 src/eap-tls.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/eap-tls.c b/src/eap-tls.c
index b20a1b39..ecea94d9 100644
--- a/src/eap-tls.c
+++ b/src/eap-tls.c
@@ -366,7 +366,7 @@ static bool eap_tls_settings_load(struct eap_state *eap,
 		client_cert = eap_tls_load_client_cert(settings, value,
 							passphrase, NULL);
 		if (!client_cert)
-			goto load_error;
+			goto bad_client_cert;
 	}
 
 	l_free(value);
@@ -377,7 +377,7 @@ static bool eap_tls_settings_load(struct eap_state *eap,
 		client_key = eap_tls_load_priv_key(settings, value,
 							passphrase, NULL);
 		if (!client_key)
-			goto load_error;
+			goto bad_client_key;
 	}
 
 	l_free(value);
@@ -390,15 +390,17 @@ static bool eap_tls_settings_load(struct eap_state *eap,
 							&client_cert,
 							&client_key, NULL) ||
 			 !client_cert || !client_key)) {
-		l_certchain_free(client_cert);
-		l_key_free(client_key);
-		goto load_error;
+		goto bad_bundle;
 	}
 
 	eap_tls_common_set_keys(eap, client_cert, client_key);
 	return true;
 
-load_error:
+bad_bundle:
+	l_key_free(client_key);
+bad_client_key:
+	l_certchain_free(client_cert);
+bad_client_cert:
 	eap_tls_common_state_free(eap);
 	return false;
 }