wpa_supplicant: Fix memory leaks in ieee802_1x_create_preshared_mka()

In case MKA is initialized successfully, local copies of CAK and CKN
were allocated, but never freed. Ensure that such memory is released
also when ieee802_1x_kay_create_mka() returns a valid pointer.

Fixes: ad51731abf ("wpa_supplicant: Allow pre-shared (CAK,CKN) pair for MKA")
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
This commit is contained in:
Davide Caratti 2018-03-08 17:15:02 +01:00 committed by Jouni Malinen
parent 3a52f6b387
commit 22151b111b

View file

@ -392,25 +392,25 @@ void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
{ {
struct mka_key *cak; struct mka_key *cak;
struct mka_key_name *ckn; struct mka_key_name *ckn;
void *res; void *res = NULL;
if ((ssid->mka_psk_set & MKA_PSK_SET) != MKA_PSK_SET) if ((ssid->mka_psk_set & MKA_PSK_SET) != MKA_PSK_SET)
return NULL; goto end;
if (ieee802_1x_alloc_kay_sm(wpa_s, ssid) < 0)
return NULL;
if (!wpa_s->kay || wpa_s->kay->policy == DO_NOT_SECURE)
return NULL;
ckn = os_zalloc(sizeof(*ckn)); ckn = os_zalloc(sizeof(*ckn));
if (!ckn) if (!ckn)
goto dealloc; goto end;
cak = os_zalloc(sizeof(*cak)); cak = os_zalloc(sizeof(*cak));
if (!cak) if (!cak)
goto free_ckn; goto free_ckn;
if (ieee802_1x_alloc_kay_sm(wpa_s, ssid) < 0 || !wpa_s->kay)
goto free_cak;
if (wpa_s->kay->policy == DO_NOT_SECURE)
goto dealloc;
cak->len = MACSEC_CAK_LEN; cak->len = MACSEC_CAK_LEN;
os_memcpy(cak->key, ssid->mka_cak, cak->len); os_memcpy(cak->key, ssid->mka_cak, cak->len);
@ -419,17 +419,15 @@ void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0, PSK, FALSE); res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0, PSK, FALSE);
if (res) if (res)
return res; goto free_cak;
dealloc:
/* Failed to create MKA */ /* Failed to create MKA */
ieee802_1x_dealloc_kay_sm(wpa_s);
free_cak:
os_free(cak); os_free(cak);
/* fallthrough */
free_ckn: free_ckn:
os_free(ckn); os_free(ckn);
dealloc: end:
ieee802_1x_dealloc_kay_sm(wpa_s); return res;
return NULL;
} }