Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

OpenSSL: Fix memory leak on FIPS error paths

Do not leave the tls_global context allocated if the global OpenSSL
initialization fails. This was possible in case of FIPS builds if
the FIPS mode cannot be initialized.

Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen 12 years ago
parent
4f219667d7
commit
b36540dbeb
1 changed files with 4 additions and 0 deletions
Split View Show Diff Stats
  1. 4 0
      src/crypto/tls_openssl.c

+ 4 - 0
src/crypto/tls_openssl.c
View File 

@@ -709,6 +709,8 @@ void * tls_init(const struct tls_config *conf)
 
 					   "mode");
 
 				ERR_load_crypto_strings();
 
 				ERR_print_errors_fp(stderr);
 
+				os_free(tls_global);
 
+				tls_global = NULL;
 
 				return NULL;
 
 			} else
 
 				wpa_printf(MSG_INFO, "Running in FIPS mode");
 
@@ -717,6 +719,8 @@ void * tls_init(const struct tls_config *conf)
 
 		if (conf && conf->fips_mode) {
 
 			wpa_printf(MSG_ERROR, "FIPS mode requested, but not "
 
 				   "supported");
 
+			os_free(tls_global);
 
+			tls_global = NULL;
 
 			return NULL;
 
 		}
 
 #endif /* OPENSSL_FIPS */