feedc0de/esp-idf
1
0
Fork 0
forked from espressif/esp-idf
Code Pull Requests Activity

EAP-TTLS: Fix possible memory leak in eap_ttls_phase2_request_mschap()

Browse Source 
The msg buffer needs to be freed on these two error paths.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This commit is contained in:
Ilan Peer
2017-06-08 11:17:59 +03:00
committed by Sarvesh Bodakhe
parent 5c0fb10902
commit a539c63d68
1 changed files with 17 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
components/wpa_supplicant/src/eap_peer/eap_ttls.c
View File

@@ -573,12 +573,26 @@ static int eap_ttls_phase2_request_mschap(struct eap_sm *sm,
os_memset(pos, 0, 24); /* LM-Response */ os_memset(pos, 0, 24); /* LM-Response */
pos += 24; pos += 24;
if (pwhash) { if (pwhash) {
challenge_response(challenge, password, pos); /* NT-Response */ /* NT-Response */
if (challenge_response(challenge, password, pos)) {
wpa_printf(MSG_ERROR,
"EAP-TTLS/MSCHAP: Failed derive password hash");
wpabuf_free(msg);
return -1;
}
wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: MSCHAP password hash", wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: MSCHAP password hash",
password, 16); password, 16);
} else { } else {
nt_challenge_response(challenge, password, password_len, /* NT-Response */
pos); /* NT-Response */ if (nt_challenge_response(challenge, password, password_len,
pos)) {
wpa_printf(MSG_ERROR,
"EAP-TTLS/MSCHAP: Failed derive password");
wpabuf_free(msg);
return -1;
}
wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: MSCHAP password", wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: MSCHAP password",
password, password_len); password, password_len);
} }