3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-26 18:59:22 +01:00

eap-wsc: Do not leak device_password

device password was read from settings using l_settings_get_string which
returns a newly-allocated string due to un-escape semantics.  However,
when assigning wsc->device_password, we strdup-ed the password again
unnecessarily.

==1069== 14 bytes in 2 blocks are definitely lost in loss record 1 of 1
==1069==    at 0x4C2AF0F: malloc (vg_replace_malloc.c:299)
==1069==    by 0x16696A: l_malloc (util.c:62)
==1069==    by 0x16B14B: unescape_value (settings.c:108)
==1069==    by 0x16D12C: l_settings_get_string (settings.c:971)
==1069==    by 0x149680: eap_wsc_load_settings (eap-wsc.c:1270)
==1069==    by 0x146113: eap_load_settings (eap.c:556)
==1069==    by 0x12E079: eapol_start (eapol.c:2022)
==1069==    by 0x1143A5: netdev_connect_event (netdev.c:1728)
==1069==    by 0x118751: netdev_mlme_notify (netdev.c:3406)
==1069==    by 0x1734F1: notify_handler (genl.c:454)
==1069==    by 0x168987: l_queue_foreach (queue.c:441)
==1069==    by 0x173561: process_multicast (genl.c:469)
This commit is contained in:
Denis Kenzior 2018-09-24 12:13:57 -05:00
parent 2527f79670
commit b60e79b8dd

View File

@ -1159,7 +1159,6 @@ static bool eap_wsc_load_settings(struct eap_state *eap,
uint8_t private_key[192]; uint8_t private_key[192];
size_t len; size_t len;
unsigned int u32; unsigned int u32;
const char *device_password;
wsc = l_new(struct eap_wsc_state, 1); wsc = l_new(struct eap_wsc_state, 1);
@ -1267,17 +1266,16 @@ static bool eap_wsc_load_settings(struct eap_state *eap,
wsc->m1->device_password_id = u32; wsc->m1->device_password_id = u32;
device_password = l_settings_get_string(settings, "WSC", wsc->device_password = l_settings_get_string(settings, "WSC",
"DevicePassword"); "DevicePassword");
if (device_password) { if (wsc->device_password) {
int i; int i;
for (i = 0; device_password[i]; i++) { for (i = 0; wsc->device_password[i]; i++) {
if (!l_ascii_isxdigit(device_password[i])) if (!l_ascii_isxdigit(wsc->device_password[i]))
goto err; goto err;
} }
wsc->device_password = strdup(device_password);
/* /*
* WSC 2.0.5: Section 7.4: * WSC 2.0.5: Section 7.4:
* If an out-of-band mechanism is used as the configuration * If an out-of-band mechanism is used as the configuration