From c02b1466c476d95f6e572cd9539e6de52a6c5ff0 Mon Sep 17 00:00:00 2001
From: Denis Kenzior
Date: Fri, 9 Jul 2021 23:30:11 -0500
Subject: [PATCH] sae: Fix potential leak in sae_process_anti_clogging

We may receive multiple anti-clogging request messages. We memdup the token every time, without checking whether memory for one has already been allocated. Free the old token prior to allocating a new one.
---
 src/sae.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/sae.c b/src/sae.c
index 10e53f45..deafff10 100644
--- a/src/sae.c
+++ b/src/sae.c
@@ -898,6 +898,7 @@ static int sae_process_anti_clogging(struct sae_sm *sm, const uint8_t *ptr,
 return -EBADMSG;
 }
+ l_free(sm->token);
 sm->token = l_memdup(ptr, len);
 sm->token_len = len;
 sm->sync = 0;
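Review bot: Nothing visible in this hunk bounds how often `l_free(sm->token); sm->token = l_memdup(ptr, len);` can run, and each pass also executes `sm->sync = 0;`. These requests arrive before authentication has completed, so if no limit exists outside the hunk, a peer that keeps sending them can presumably keep resetting that counter and forcing a fresh allocation of `len` bytes. The body of sae_process_anti_clogging starts and ends outside the hunk, so it is worth confirming there that `len` has an upper bound and that the number of accepted token requests per handshake is capped. A short comment above the new line would also help, for example `/* A repeated request replaces the earlier token; l_free(NULL) is a no-op on the first one */`.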