Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

EAP-SIM/AKA server: Fix memory leak in error path

If identity round limit is reached, EAP-SIM/AKA session is terminated.
This needs to free the allocated message.

Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen 12 years ago
parent
8cd93a01a9
commit
58fd49c05d
2 changed files with 2 additions and 0 deletions
Unified View Show Diff Stats
  1. 1 0
      src/eap_server/eap_server_aka.c
  2. 1 0
      src/eap_server/eap_server_sim.c

+ 1 - 0
src/eap_server/eap_server_aka.c
View File 

@@ -365,6 +365,7 @@ static struct wpabuf * eap_aka_build_identity(struct eap_sm *sm,
 
 		eap_sim_msg_add(msg, EAP_SIM_AT_ANY_ID_REQ, 0, NULL, 0);
 
 		eap_sim_msg_add(msg, EAP_SIM_AT_ANY_ID_REQ, 0, NULL, 0);
 
 	} else if (data->identity_round > 3) {
 
 	} else if (data->identity_round > 3) {
 
 		/* Cannot use more than three rounds of Identity messages */
 
 		/* Cannot use more than three rounds of Identity messages */
 
+		eap_sim_msg_free(msg);
 
 		return NULL;
 
 		return NULL;
 
 	} else if (sm->identity && sm->identity_len > 0 &&
 
 	} else if (sm->identity && sm->identity_len > 0 &&
 
 		   (sm->identity[0] == EAP_AKA_REAUTH_ID_PREFIX ||
 
 		   (sm->identity[0] == EAP_AKA_REAUTH_ID_PREFIX ||

+ 1 - 0
src/eap_server/eap_server_sim.c
View File 

@@ -117,6 +117,7 @@ static struct wpabuf * eap_sim_build_start(struct eap_sm *sm,
 
 		eap_sim_msg_add(msg, EAP_SIM_AT_ANY_ID_REQ, 0, NULL, 0);
 
 		eap_sim_msg_add(msg, EAP_SIM_AT_ANY_ID_REQ, 0, NULL, 0);
 
 	} else if (data->start_round > 3) {
 
 	} else if (data->start_round > 3) {
 
 		/* Cannot use more than three rounds of Start messages */
 
 		/* Cannot use more than three rounds of Start messages */
 
+		eap_sim_msg_free(msg);
 
 		return NULL;
 
 		return NULL;
 
 	} else if (data->start_round == 0) {
 
 	} else if (data->start_round == 0) {
 
 		/*
 
 		/*