mka: Add error handling for secy_init_macsec() calls
secy_init_macsec() can fail (if ->macsec_init fails), and ieee802_1x_kay_init() should handle this and not let MKA run any further, because nothing is going to work anyway. On failure, ieee802_1x_kay_init() must deinit its kay, which will free kay->ctx, so ieee802_1x_kay_init callers (only ieee802_1x_alloc_kay_sm) must not do it. Before this patch there is a double-free of the ctx argument when ieee802_1x_kay_deinit() was called. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
This commit is contained in:
Sabrina Dubroca
Jouni Malinen
parent
2c66c7d115
commit
7612e65b9b
2 changed files with 16 additions and 14 deletions
|
|
@ -235,10 +235,9 @@ int ieee802_1x_alloc_kay_sm(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
|
|||
res = ieee802_1x_kay_init(kay_ctx, policy, ssid->macsec_port,
|
||||
ssid->mka_priority, wpa_s->ifname,
|
||||
wpa_s->own_addr);
|
||||
if (res == NULL) {
|
||||
os_free(kay_ctx);
|
||||
/* ieee802_1x_kay_init() frees kay_ctx on failure */
|
||||
if (res == NULL)
|
||||
return -1;
|
||||
}
|
||||
|
||||
wpa_s->kay = res;
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue