Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

SAE: Fix memory leak in random number generation

If the randomly generated bignum does not meet the validation steps, the
iteration loop in sae_get_rand() did not free the data properly. Fix the
memory leak by freeing the temporary bignum before starting the next
attempt at generating the value.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 10 years ago
parent
de93da914f
commit
13c330385a
1 changed files with 3 additions and 1 deletions
Split View Show Diff Stats
  1. 3 1
      src/common/sae.c

+ 3 - 1
src/common/sae.c
View File 

@@ -134,8 +134,10 @@ static struct crypto_bignum * sae_get_rand(struct sae_data *sae)
 
 			return NULL;
 
 		if (crypto_bignum_is_zero(bn) ||
 
 		    crypto_bignum_is_one(bn) ||
 
-		    crypto_bignum_cmp(bn, sae->tmp->order) >= 0)
 
+		    crypto_bignum_cmp(bn, sae->tmp->order) >= 0) {
 
+			crypto_bignum_deinit(bn, 0);
 
 			continue;
 
+		}
 
 		break;
 
 	}