From 7280723fbfa7c609d8545e855a7399e1b3061457 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Mon, 28 May 2018 16:17:20 +0300
Subject: [PATCH] EAP-pwd peer: Check for unexpected state for ID exchange

Aborty processing if ID exchange processing is entered twice
unexpectedly. This avoids memory leaks in the function.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/eap_peer/eap_pwd.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
index e74aef1a9..748b0870f 100644
--- a/src/eap_peer/eap_pwd.c
+++ b/src/eap_peer/eap_pwd.c
@@ -255,6 +255,12 @@ eap_pwd_perform_id_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
 	data->prep = id->prep;
 	os_memcpy(data->token, id->token, sizeof(id->token));
 
+	if (data->id_server || data->grp) {
+		wpa_printf(MSG_INFO, "EAP-pwd: data was already allocated");
+		eap_pwd_state(data, FAILURE);
+		return;
+	}
+
 	data->id_server = os_malloc(payload_len - sizeof(struct eap_pwd_id));
 	if (data->id_server == NULL) {
 		wpa_printf(MSG_INFO, "EAP-PWD: memory allocation id fail");