Fix memory leak on NFC DH generation error path

It was possible for some NFC DH generation error paths to leak memory
since the old private/public key was not freed if an allocation failed.

Signed-off-by: Jouni Malinen <j@w1.fi>

src/crypto/dh_group5.c

@@ -15,6 +15,7 @@
 
 void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
 {
+	wpabuf_free(*publ);
 	*publ = dh_init(dh_groups_get(5), priv);
 	if (*publ == NULL)
 		return NULL;

src/crypto/dh_groups.c

@@ -1218,14 +1218,19 @@ struct wpabuf * dh_init(const struct dh_group *dh, struct wpabuf **priv)
 
 	pv_len = dh->prime_len;
 	pv = wpabuf_alloc(pv_len);
-	if (pv == NULL)
+	if (pv == NULL) {
+		wpabuf_clear_free(*priv);
+		*priv = NULL;
 		return NULL;
+	}
 	if (crypto_mod_exp(dh->generator, dh->generator_len,
 			   wpabuf_head(*priv), wpabuf_len(*priv),
 			   dh->prime, dh->prime_len, wpabuf_mhead(pv),
 			   &pv_len) < 0) {
 		wpabuf_clear_free(pv);
 		wpa_printf(MSG_INFO, "DH: crypto_mod_exp failed");
+		wpabuf_clear_free(*priv);
+		*priv = NULL;
 		return NULL;
 	}
 	wpabuf_put(pv, pv_len);