DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

EAP-SIM/AKA peer: Fix use-after-free for privacy identity

Browse source 
When the privacy protected itentity is used for EAP-SIM/AKA, the buffer
containing the identity was freed just before its use. Fix that by
reordering the operations.

Fixes: 881cb4198b ("EAP-SIM/AKA peer: Simplify identity selection for MK derivation")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
Jouni Malinen 2024-01-22 11:47:00 +02:00 committed by Jouni Malinen
parent fd71cae6c9
commit e3d6fce848
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/eap_peer/eap.c
View file

@ -1757,12 +1757,13 @@ struct wpabuf * eap_sm_buildIdentity(struct eap_sm *sm, int id, int encrypted)
return NULL;
wpabuf_put_data(resp, identity, identity_len);
wpabuf_free(privacy_identity);
os_free(sm->identity);
sm->identity = os_memdup(identity, identity_len);
sm->identity_len = identity_len;
wpabuf_free(privacy_identity);
return resp;
}