OpenSSL: Fix memory leak on an openssl_tls_prf() error path

Free tmp_out before returning to prevent memory leak in case the second memory allocation in openssl_tls_prf() fails. This is quite unlikely, but at least theoretically possible memory leak with EAP-FAST. Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
2015-06-17 16:16:34 +03:00 · 2015-06-17 16:16:34 +03:00 · 144b6a0650
commit 144b6a0650
parent 0b5740fdef
1 changed files with 4 additions and 1 deletions
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@ -2747,8 +2747,11 @@ static int openssl_tls_prf(void *tls_ctx, struct tls_connection *conn,
 	}

 	rnd = os_malloc(2 * SSL3_RANDOM_SIZE);
-	if (rnd == NULL)
+	if (!rnd) {
+		os_free(tmp_out);
 		return -1;
+	}
+
 	if (server_random_first) {
 		os_memcpy(rnd, ssl->s3->server_random, SSL3_RANDOM_SIZE);
 		os_memcpy(rnd + SSL3_RANDOM_SIZE, ssl->s3->client_random,