[PATCH 1/5] wpa_supplicant: fix possible memory leak in handle_auth()

Jouni Malinen j at w1.fi
Thu Jun 18 17:21:10 EDT 2015

On Wed, Jun 17, 2015 at 04:16:32PM +0300, Ilan Peer wrote:
> In handle_auth(), in case of waiting to external authentication,
> the function returns without freeing allocated memory.

> diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
> @@ -975,6 +975,9 @@ static void handle_auth(struct hostapd_data *hapd,
>  		/* Authentication code will re-send the authentication frame
>  		 * after it has received (and cached) information from the
>  		 * external source. */
> +		os_free(identity);
> +		os_free(radius_cui);
> +		hostapd_free_psk_list(psk);
>  		return;

I don't think that this case can really be hit since this is for
HOSTAPD_ACL_PENDING, i.e., for the case where Access-Accept response has
not yet been received and as such, there is no ACL cache information or
these allocated copies of RADIUS attributes. Anyway, I can apply this to
get rid of static analyzer warnings. The commit message title will
change, though, since this is for hostapd and not really "possible" :).

Jouni Malinen                                            PGP id EFC895FA

More information about the HostAP mailing list