From ea52a46e1313d67f85fd21952f353d8dbb2a5ca0 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 28 Nov 2015 19:43:55 +0200
Subject: [PATCH] EAP-SIM peer: Fix memory leak on reauth error path

If init_for_reauth fails, the EAP-SIM peer state was not freed properly.
Use eap_sim_deinit() to make sure all allocations get freed. This could
be hit only if no random data could be derived for NONCE_MT.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/eap_peer/eap_sim.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c
index 99a2816ce..cbf7461a1 100644
--- a/src/eap_peer/eap_sim.c
+++ b/src/eap_peer/eap_sim.c
@@ -1135,7 +1135,7 @@ static void * eap_sim_init_for_reauth(struct eap_sm *sm, void *priv)
 	if (random_get_bytes(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
 		wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data "
 			   "for NONCE_MT");
-		os_free(data);
+		eap_sim_deinit(sm, data);
 		return NULL;
 	}
 	data->num_id_req = 0;