Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

EAP-TTLS: Fix possible memory leak in eap_ttls_phase2_request_mschap()

The msg buffer needs to be freed on these two error paths.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Ilan Peer 7 years ago
parent
422570eec8
commit
83e003a913
1 changed files with 12 additions and 2 deletions
Split View Show Diff Stats
  1. 12 2
      src/eap_peer/eap_ttls.c

+ 12 - 2
src/eap_peer/eap_ttls.c
View File 

@@ -625,15 +625,25 @@ static int eap_ttls_phase2_request_mschap(struct eap_sm *sm,
 
 	pos += 24;
 
 	if (pwhash) {
 
 		/* NT-Response */
 
-		if (challenge_response(challenge, password, pos))
 
+		if (challenge_response(challenge, password, pos)) {
 
+			wpa_printf(MSG_ERROR,
 
+				   "EAP-TTLS/MSCHAP: Failed derive password hash");
 
+			wpabuf_free(msg);
 
 			return -1;
 
+		}
 
+
 
 		wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: MSCHAP password hash",
 
 				password, 16);
 
 	} else {
 
 		/* NT-Response */
 
 		if (nt_challenge_response(challenge, password, password_len,
 
-					  pos))
 
+					  pos)) {
 
+			wpa_printf(MSG_ERROR,
 
+				   "EAP-TTLS/MSCHAP: Failed derive password");
 
+			wpabuf_free(msg);
 
 			return -1;
 
+		}
 
+
 
 		wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: MSCHAP password",
 
 				      password, password_len);
 
 	}