EAP-pwd server: Fix memory leak with salted passwords

The struct hostapd_eap_user changes with a new allocated variable were not covered in the RADIUS server code. Fix this by using eap_user_free() instead of custom memory freeing operation in radius_server.c. The hwsim tests with salted password (ap_wpa2_eap_pwd_salt_sha1, ap_wpa2_eap_pwd_salt_sha256, ap_wpa2_eap_pwd_salt_sha512) triggered these memory leaks. Fixes: d52ead3db7 ("EAP-pwd server: Add support for salted password databases") Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-03-03 09:52:22 +09:00 · 2019-03-03 09:52:22 +09:00 · 1e653daa31
commit 1e653daa31
parent 9ebbdd0aa3
3 changed files with 12 additions and 10 deletions
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@ -686,7 +686,7 @@ radius_server_get_new_session(struct radius_server_data *data,
 	int res;
 	struct radius_session *sess;
 	struct eap_config eap_conf;
-	struct eap_user tmp;
+	struct eap_user *tmp;

 	RADIUS_DEBUG("Creating a new session");

@ -697,12 +697,14 @@ radius_server_get_new_session(struct radius_server_data *data,
 	}
 	RADIUS_DUMP_ASCII("User-Name", user, user_len);

-	os_memset(&tmp, 0, sizeof(tmp));
-	res = data->get_eap_user(data->conf_ctx, user, user_len, 0, &tmp);
-	bin_clear_free(tmp.password, tmp.password_len);
+	tmp = os_zalloc(sizeof(*tmp));
+	if (!tmp)
+		return NULL;

+	res = data->get_eap_user(data->conf_ctx, user, user_len, 0, tmp);
 	if (res != 0) {
 		RADIUS_DEBUG("User-Name not found from user database");
+		eap_user_free(tmp);
 		return NULL;
 	}

@ -710,10 +712,12 @@ radius_server_get_new_session(struct radius_server_data *data,
 	sess = radius_server_new_session(data, client);
 	if (sess == NULL) {
 		RADIUS_DEBUG("Failed to create a new session");
+		eap_user_free(tmp);
 		return NULL;
 	}
-	sess->accept_attr = tmp.accept_attr;
-	sess->macacl = tmp.macacl;
+	sess->accept_attr = tmp->accept_attr;
+	sess->macacl = tmp->macacl;
+	eap_user_free(tmp);

 	sess->username = os_malloc(user_len * 4 + 1);
 	if (sess->username == NULL) {