EAP-pwd server: Fix memory leak with salted passwords
The struct hostapd_eap_user changes with a new allocated variable were
not covered in the RADIUS server code. Fix this by using eap_user_free()
instead of custom memory freeing operation in radius_server.c.
The hwsim tests with salted password (ap_wpa2_eap_pwd_salt_sha1,
ap_wpa2_eap_pwd_salt_sha256, ap_wpa2_eap_pwd_salt_sha512) triggered
these memory leaks.
Fixes: d52ead3db7
("EAP-pwd server: Add support for salted password databases")
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This commit is contained in:
parent
9ebbdd0aa3
commit
1e653daa31
3 changed files with 12 additions and 10 deletions
|
@ -161,5 +161,6 @@ void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,
|
||||||
const u8 *username, size_t username_len,
|
const u8 *username, size_t username_len,
|
||||||
const u8 *challenge, const u8 *response);
|
const u8 *challenge, const u8 *response);
|
||||||
void eap_erp_update_identity(struct eap_sm *sm, const u8 *eap, size_t len);
|
void eap_erp_update_identity(struct eap_sm *sm, const u8 *eap, size_t len);
|
||||||
|
void eap_user_free(struct eap_user *user);
|
||||||
|
|
||||||
#endif /* EAP_H */
|
#endif /* EAP_H */
|
||||||
|
|
|
@ -25,9 +25,6 @@
|
||||||
|
|
||||||
#define EAP_MAX_AUTH_ROUNDS 50
|
#define EAP_MAX_AUTH_ROUNDS 50
|
||||||
|
|
||||||
static void eap_user_free(struct eap_user *user);
|
|
||||||
|
|
||||||
|
|
||||||
/* EAP state machines are described in RFC 4137 */
|
/* EAP state machines are described in RFC 4137 */
|
||||||
|
|
||||||
static int eap_sm_calculateTimeout(struct eap_sm *sm, int retransCount,
|
static int eap_sm_calculateTimeout(struct eap_sm *sm, int retransCount,
|
||||||
|
@ -1814,7 +1811,7 @@ int eap_server_sm_step(struct eap_sm *sm)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static void eap_user_free(struct eap_user *user)
|
void eap_user_free(struct eap_user *user)
|
||||||
{
|
{
|
||||||
if (user == NULL)
|
if (user == NULL)
|
||||||
return;
|
return;
|
||||||
|
|
|
@ -686,7 +686,7 @@ radius_server_get_new_session(struct radius_server_data *data,
|
||||||
int res;
|
int res;
|
||||||
struct radius_session *sess;
|
struct radius_session *sess;
|
||||||
struct eap_config eap_conf;
|
struct eap_config eap_conf;
|
||||||
struct eap_user tmp;
|
struct eap_user *tmp;
|
||||||
|
|
||||||
RADIUS_DEBUG("Creating a new session");
|
RADIUS_DEBUG("Creating a new session");
|
||||||
|
|
||||||
|
@ -697,12 +697,14 @@ radius_server_get_new_session(struct radius_server_data *data,
|
||||||
}
|
}
|
||||||
RADIUS_DUMP_ASCII("User-Name", user, user_len);
|
RADIUS_DUMP_ASCII("User-Name", user, user_len);
|
||||||
|
|
||||||
os_memset(&tmp, 0, sizeof(tmp));
|
tmp = os_zalloc(sizeof(*tmp));
|
||||||
res = data->get_eap_user(data->conf_ctx, user, user_len, 0, &tmp);
|
if (!tmp)
|
||||||
bin_clear_free(tmp.password, tmp.password_len);
|
return NULL;
|
||||||
|
|
||||||
|
res = data->get_eap_user(data->conf_ctx, user, user_len, 0, tmp);
|
||||||
if (res != 0) {
|
if (res != 0) {
|
||||||
RADIUS_DEBUG("User-Name not found from user database");
|
RADIUS_DEBUG("User-Name not found from user database");
|
||||||
|
eap_user_free(tmp);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -710,10 +712,12 @@ radius_server_get_new_session(struct radius_server_data *data,
|
||||||
sess = radius_server_new_session(data, client);
|
sess = radius_server_new_session(data, client);
|
||||||
if (sess == NULL) {
|
if (sess == NULL) {
|
||||||
RADIUS_DEBUG("Failed to create a new session");
|
RADIUS_DEBUG("Failed to create a new session");
|
||||||
|
eap_user_free(tmp);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
sess->accept_attr = tmp.accept_attr;
|
sess->accept_attr = tmp->accept_attr;
|
||||||
sess->macacl = tmp.macacl;
|
sess->macacl = tmp->macacl;
|
||||||
|
eap_user_free(tmp);
|
||||||
|
|
||||||
sess->username = os_malloc(user_len * 4 + 1);
|
sess->username = os_malloc(user_len * 4 + 1);
|
||||||
if (sess->username == NULL) {
|
if (sess->username == NULL) {
|
||||||
|
|
Loading…
Reference in a new issue