From c5906d1c205cfeb72b7082091e559f69a91334a7 Mon Sep 17 00:00:00 2001 From: Andrew Zaborowski Date: Fri, 6 Jan 2017 02:51:17 -0500 Subject: [PATCH] mschapv2: Call set_key_material last in handle_success Make sure that eap_set_key_material can free the whole EAP method and EAP state machine before returning, by calling that function last. This relies on eap_mschapv2_handle_success being the last call in about 5 stack frames above it too. --- src/eap-mschapv2.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/eap-mschapv2.c b/src/eap-mschapv2.c index 29475070..77fbc1bc 100644 --- a/src/eap-mschapv2.c +++ b/src/eap-mschapv2.c @@ -559,12 +559,13 @@ static void eap_mschapv2_handle_success(struct eap_state *eap, goto err; eap_method_success(eap); - /* The eapol set_key_material only needs msk, and that's all we got */ - eap_set_key_material(eap, session_key, 32, NULL, 0, NULL, 0); buffer[5] = MSCHAPV2_OP_SUCCESS; eap_send_response(eap, EAP_TYPE_MSCHAPV2, buffer, sizeof(buffer)); + /* The eapol set_key_material only needs msk, and that's all we got */ + eap_set_key_material(eap, session_key, 32, NULL, 0, NULL, 0); + return; err: