jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

DPP: Fix memory leak in EC_GROUP handling

Browse source 
EC_GROUP_new_by_curve_name() allocates memory for the returned pointer,
so need to free this with EC_GROUP_free() before leaving the calling
functions. This was leaking memory when parsing JWK and when performing
PKEX.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2019-05-08 18:32:29 +03:00 committed by Jouni Malinen
parent 7a9ddba6f5
commit 57ec74ea9b
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/common/dpp.c
View file

@ -5254,6 +5254,7 @@ static EVP_PKEY * dpp_parse_jwk(struct json_token *jwk,
pkey = dpp_set_pubkey_point_group(group, wpabuf_head(x), wpabuf_head(y), pkey = dpp_set_pubkey_point_group(group, wpabuf_head(x), wpabuf_head(y),
wpabuf_len(x)); wpabuf_len(x));
EC_GROUP_free(group);
*key_curve = curve; *key_curve = curve;
fail: fail:
@ -6590,6 +6591,7 @@ static EVP_PKEY * dpp_pkex_get_role_elem(const struct dpp_curve_params *curve,
EC_GROUP *group; EC_GROUP *group;
size_t len = curve->prime_len; size_t len = curve->prime_len;
const u8 *x, *y; const u8 *x, *y;
EVP_PKEY *res;
switch (curve->ike_group) { switch (curve->ike_group) {
case 19: case 19:
@ -6623,7 +6625,9 @@ static EVP_PKEY * dpp_pkex_get_role_elem(const struct dpp_curve_params *curve,
group = EC_GROUP_new_by_curve_name(OBJ_txt2nid(curve->name)); group = EC_GROUP_new_by_curve_name(OBJ_txt2nid(curve->name));
if (!group) if (!group)
return NULL; return NULL;
return dpp_set_pubkey_point_group(group, x, y, len); res = dpp_set_pubkey_point_group(group, x, y, len);
EC_GROUP_free(group);
return res;
} }
@ -6851,6 +6855,7 @@ fail:
BN_free(y); BN_free(y);
EC_POINT_free(point); EC_POINT_free(point);
BN_CTX_free(ctx); BN_CTX_free(ctx);
EC_GROUP_free(group);
return ret; return ret;
} }