jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

OpenSSL: Fix memory leak on FIPS error paths

Browse source 
Do not leave the tls_global context allocated if the global OpenSSL
initialization fails. This was possible in case of FIPS builds if
the FIPS mode cannot be initialized.

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2012-08-16 17:38:46 +03:00
parent 4f219667d7
commit b36540dbeb
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/crypto/tls_openssl.c
View file

@ -709,6 +709,8 @@ void * tls_init(const struct tls_config *conf)
"mode"); "mode");
ERR_load_crypto_strings(); ERR_load_crypto_strings();
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stderr);
os_free(tls_global);
tls_global = NULL;
return NULL; return NULL;
} else } else
wpa_printf(MSG_INFO, "Running in FIPS mode"); wpa_printf(MSG_INFO, "Running in FIPS mode");
@ -717,6 +719,8 @@ void * tls_init(const struct tls_config *conf)
if (conf && conf->fips_mode) { if (conf && conf->fips_mode) {
wpa_printf(MSG_ERROR, "FIPS mode requested, but not " wpa_printf(MSG_ERROR, "FIPS mode requested, but not "
"supported"); "supported");
os_free(tls_global);
tls_global = NULL;
return NULL; return NULL;
} }
#endif /* OPENSSL_FIPS */ #endif /* OPENSSL_FIPS */