diff mbox series

EAP-pwd server: Fix memory leak with salted password

Message ID 20190303005222.25722-1-masashi.honma@gmail.com
State Accepted
Headers show
Series EAP-pwd server: Fix memory leak with salted password | expand

Commit Message

Masashi Honma March 3, 2019, 12:52 a.m. UTC 
The hwsim tests with salted password (ap_wpa2_eap_pwd_salt_sha1,
ap_wpa2_eap_pwd_salt_sha256, ap_wpa2_eap_pwd_salt_sha512) causes memory leaks.

commit d52ead3db7b28ce34df729376820f44811eec4c1 'EAP-pwd server: Add support
for salted password databases' introduced this issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
---
 src/eap_server/eap.h        |  1 +
 src/eap_server/eap_server.c |  5 +----
 src/radius/radius_server.c  | 16 ++++++++++------
 3 files changed, 12 insertions(+), 10 deletions(-)

Comments

Jouni Malinen March 8, 2019, 3:51 p.m. UTC | #1 
On Sun, Mar 03, 2019 at 09:52:22AM +0900, Masashi Honma wrote:
> The hwsim tests with salted password (ap_wpa2_eap_pwd_salt_sha1,
> ap_wpa2_eap_pwd_salt_sha256, ap_wpa2_eap_pwd_salt_sha512) causes memory leaks.
> 
> commit d52ead3db7b28ce34df729376820f44811eec4c1 'EAP-pwd server: Add support
> for salted password databases' introduced this issue.

Thanks, applied.
diff mbox series

Patch

diff --git a/src/eap_server/eap.h b/src/eap_server/eap.h
index 45e1212cf..b130368b6 100644
--- a/src/eap_server/eap.h
+++ b/src/eap_server/eap.h
@@ -161,5 +161,6 @@  void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,
 				   const u8 *username, size_t username_len,
 				   const u8 *challenge, const u8 *response);
 void eap_erp_update_identity(struct eap_sm *sm, const u8 *eap, size_t len);
+void eap_user_free(struct eap_user *user);
 
 #endif /* EAP_H */
diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c
index b33f6324e..e8b36e133 100644
--- a/src/eap_server/eap_server.c
+++ b/src/eap_server/eap_server.c
@@ -25,9 +25,6 @@ 
 
 #define EAP_MAX_AUTH_ROUNDS 50
 
-static void eap_user_free(struct eap_user *user);
-
-
 /* EAP state machines are described in RFC 4137 */
 
 static int eap_sm_calculateTimeout(struct eap_sm *sm, int retransCount,
@@ -1814,7 +1811,7 @@  int eap_server_sm_step(struct eap_sm *sm)
 }
 
 
-static void eap_user_free(struct eap_user *user)
+void eap_user_free(struct eap_user *user)
 {
 	if (user == NULL)
 		return;
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index 1c15c2c3f..7f6f7629b 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -686,7 +686,7 @@  radius_server_get_new_session(struct radius_server_data *data,
 	int res;
 	struct radius_session *sess;
 	struct eap_config eap_conf;
-	struct eap_user tmp;
+	struct eap_user *tmp;
 
 	RADIUS_DEBUG("Creating a new session");
 
@@ -697,12 +697,14 @@  radius_server_get_new_session(struct radius_server_data *data,
 	}
 	RADIUS_DUMP_ASCII("User-Name", user, user_len);
 
-	os_memset(&tmp, 0, sizeof(tmp));
-	res = data->get_eap_user(data->conf_ctx, user, user_len, 0, &tmp);
-	bin_clear_free(tmp.password, tmp.password_len);
+	tmp = os_zalloc(sizeof(*tmp));
+	if (tmp == NULL)
+		return NULL;
 
+	res = data->get_eap_user(data->conf_ctx, user, user_len, 0, tmp);
 	if (res != 0) {
 		RADIUS_DEBUG("User-Name not found from user database");
+		eap_user_free(tmp);
 		return NULL;
 	}
 
@@ -710,10 +712,12 @@  radius_server_get_new_session(struct radius_server_data *data,
 	sess = radius_server_new_session(data, client);
 	if (sess == NULL) {
 		RADIUS_DEBUG("Failed to create a new session");
+		eap_user_free(tmp);
 		return NULL;
 	}
-	sess->accept_attr = tmp.accept_attr;
-	sess->macacl = tmp.macacl;
+	sess->accept_attr = tmp->accept_attr;
+	sess->macacl = tmp->macacl;
+	eap_user_free(tmp);
 
 	sess->username = os_malloc(user_len * 4 + 1);
 	if (sess->username == NULL) {