EAP-pwd: Avoid double-frees on some error paths

At least some error paths (e.g., hitting the limit on hunt-and-peck
iterations) could have resulted in double-freeing of some memory
allocations. Avoid this by setting the pointers to NULL after they have
been freed instead of trying to free the data structure in a location
where some external references cannot be cleared. [Bug 453]

Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen 2012-06-30 16:16:32 +03:00
parent 0f27f15911
commit 8350d0afd8
2 changed files with 9 additions and 3 deletions

@ -252,11 +252,13 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
if (0) {
fail:
EC_GROUP_free(grp->group);
grp->group = NULL;
EC_POINT_free(grp->pwe);
grp->pwe = NULL;
BN_free(grp->order);
grp->order = NULL;
BN_free(grp->prime);
os_free(grp);
grp = NULL;
grp->prime = NULL;
ret = 1;
}
/* cleanliness and order.... */
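Review bot: At the fail: label, dropping os_free(grp) means compute_password_element() now returns on failure with grp still allocated and only its members (group, pwe, order, prime) freed and set to NULL, and nothing in the hunk documents that. Please add a comment at the label or above the function stating that the caller keeps ownership of grp on failure and must free it exactly once. The removed "grp = NULL;" only cleared this function's local copy of the pointer, so the caller's reference was left pointing at freed memory; with the new approach the caller's cleanup will see NULL members, which is safe for EC_GROUP_free, EC_POINT_free and BN_free since they accept NULL. It is also worth checking in the other changed file that every caller error path still frees grp, otherwise the double-free becomes a leak.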