From b60e79b8dd3161a42152264d10aa7e467b8adfa5 Mon Sep 17 00:00:00 2001
From: Denis Kenzior <denkenz@gmail.com>
Date: Mon, 24 Sep 2018 12:13:57 -0500
Subject: [PATCH] eap-wsc: Do not leak device_password

device password was read from settings using l_settings_get_string which
returns a newly-allocated string due to un-escape semantics.  However,
when assigning wsc->device_password, we strdup-ed the password again
unnecessarily.

==1069== 14 bytes in 2 blocks are definitely lost in loss record 1 of 1
==1069==    at 0x4C2AF0F: malloc (vg_replace_malloc.c:299)
==1069==    by 0x16696A: l_malloc (util.c:62)
==1069==    by 0x16B14B: unescape_value (settings.c:108)
==1069==    by 0x16D12C: l_settings_get_string (settings.c:971)
==1069==    by 0x149680: eap_wsc_load_settings (eap-wsc.c:1270)
==1069==    by 0x146113: eap_load_settings (eap.c:556)
==1069==    by 0x12E079: eapol_start (eapol.c:2022)
==1069==    by 0x1143A5: netdev_connect_event (netdev.c:1728)
==1069==    by 0x118751: netdev_mlme_notify (netdev.c:3406)
==1069==    by 0x1734F1: notify_handler (genl.c:454)
==1069==    by 0x168987: l_queue_foreach (queue.c:441)
==1069==    by 0x173561: process_multicast (genl.c:469)
---
 src/eap-wsc.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/eap-wsc.c b/src/eap-wsc.c
index 8027fa35..72b8e2a8 100644
--- a/src/eap-wsc.c
+++ b/src/eap-wsc.c
@@ -1159,7 +1159,6 @@ static bool eap_wsc_load_settings(struct eap_state *eap,
 	uint8_t private_key[192];
 	size_t len;
 	unsigned int u32;
-	const char *device_password;
 
 	wsc = l_new(struct eap_wsc_state, 1);
 
@@ -1267,17 +1266,16 @@ static bool eap_wsc_load_settings(struct eap_state *eap,
 
 	wsc->m1->device_password_id = u32;
 
-	device_password = l_settings_get_string(settings, "WSC",
+	wsc->device_password = l_settings_get_string(settings, "WSC",
 							"DevicePassword");
-	if (device_password) {
+	if (wsc->device_password) {
 		int i;
 
-		for (i = 0; device_password[i]; i++) {
-			if (!l_ascii_isxdigit(device_password[i]))
+		for (i = 0; wsc->device_password[i]; i++) {
+			if (!l_ascii_isxdigit(wsc->device_password[i]))
 				goto err;
 		}
 
-		wsc->device_password = strdup(device_password);
 		/*
 		 * WSC 2.0.5: Section 7.4:
 		 * If an out-of-band mechanism is used as the configuration