From c5622b43cd8d01c643a19ddccf18ee8b65b48d5f Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 8 May 2019 20:25:10 +0300 Subject: [PATCH] DPP: Fix a memory leak on duplicate Authentication Response Do not allow auth->peer_protocol_key to be overridden without having freed the previously stored key in case two Authentication Response messages are received. Signed-off-by: Jouni Malinen --- src/common/dpp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/common/dpp.c b/src/common/dpp.c index fd2e9f4ce..4b8d83811 100644 --- a/src/common/dpp.c +++ b/src/common/dpp.c @@ -3753,6 +3753,7 @@ dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr, } EVP_PKEY_CTX_free(ctx); ctx = NULL; + EVP_PKEY_free(auth->peer_protocol_key); auth->peer_protocol_key = pr; pr = NULL;