Kernel
/
iwd
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git
3
0
Fork 0
Code Releases Activity

eap-wsc: Fix possible memory leaks 

While parsing WSC registrar settings, the variable 'str' which is used
in multiple areas can be leaked.  Fix that.
This commit is contained in:
Denis Kenzior 2021-02-08 15:46:45 -06:00
parent 897ef661fe
commit f7df7939e6
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/eap-wsc.c
View File

@ -2058,7 +2058,7 @@ static bool eap_wsc_r_load_settings(struct eap_state *eap,
str = l_settings_get_string(settings, "WSC", "WPA2-SSID");
if (str) {
if (strlen(str) > 32)
goto err;
goto bad_string;
wsc->m2->auth_type_flags |=
WSC_AUTHENTICATION_TYPE_WPA2_PERSONAL;
@ -2077,12 +2077,13 @@ static bool eap_wsc_r_load_settings(struct eap_state *eap,
if (len < 8 || len > 63) {
explicit_bzero(str, len);
goto err;
goto bad_string;
}
memcpy(wsc->wpa2_cred.network_key, str, len);
wsc->wpa2_cred.network_key_len = len;
explicit_bzero(str, len);
l_free(str);
} else {
uint8_t buf[32];
@ -2103,7 +2104,7 @@ static bool eap_wsc_r_load_settings(struct eap_state *eap,
str = l_settings_get_string(settings, "WSC", "Open-SSID");
if (str) {
if (strlen(str) > 32)
goto err;
goto bad_string;
wsc->m2->auth_type_flags |= WSC_AUTHENTICATION_TYPE_OPEN;
wsc->m2->encryption_type_flags |= WSC_ENCRYPTION_TYPE_NONE;
@ -2137,6 +2138,8 @@ static bool eap_wsc_r_load_settings(struct eap_state *eap,
return true;
bad_string:
l_free(str);
err:
eap_wsc_state_free(wsc);
return false;