OpenSSL: Fix memory leak on an openssl_tls_prf() error path
Free tmp_out before returning to prevent memory leak in case the second memory allocation in openssl_tls_prf() fails. This is quite unlikely, but at least theoretically possible memory leak with EAP-FAST. Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
This commit is contained in:
Ben Rosenfeld
Jouni Malinen
parent
0b5740fdef
commit
144b6a0650
1 changed files with 4 additions and 1 deletions
|
|
@ -2747,8 +2747,11 @@ static int openssl_tls_prf(void *tls_ctx, struct tls_connection *conn,
|
||||||
}
|
}
|
||||||
|
|
||||||
rnd = os_malloc(2 * SSL3_RANDOM_SIZE);
|
rnd = os_malloc(2 * SSL3_RANDOM_SIZE);
|
||||||
if (rnd == NULL)
|
if (!rnd) {
|
||||||
|
os_free(tmp_out);
|
||||||
return -1;
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
if (server_random_first) {
|
if (server_random_first) {
|
||||||
os_memcpy(rnd, ssl->s3->server_random, SSL3_RANDOM_SIZE);
|
os_memcpy(rnd, ssl->s3->server_random, SSL3_RANDOM_SIZE);
|
||||||
os_memcpy(rnd + SSL3_RANDOM_SIZE, ssl->s3->client_random,
|
os_memcpy(rnd + SSL3_RANDOM_SIZE, ssl->s3->client_random,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue