[PATCH 1/5] wpa_supplicant: fix possible memory leak in handle_auth()

Jouni Malinen j at w1.fi
Thu Jun 18 18:25:42 EDT 2015


On Wed, Jun 17, 2015 at 04:16:32PM +0300, Ilan Peer wrote:
> In handle_auth(), in case of waiting to external authentication,
> the function returns without freeing allocated memory.

> diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
> @@ -975,6 +975,9 @@ static void handle_auth(struct hostapd_data *hapd,
>  		/* Authentication code will re-send the authentication frame
>  		 * after it has received (and cached) information from the
>  		 * external source. */
> +		os_free(identity);
> +		os_free(radius_cui);
> +		hostapd_free_psk_list(psk);
>  		return;

Changed my mind on this one after going through the other patches..
Since I cannot figure out how this could happen (HOSTAPD_ACL_PENDING
indicates Access-Accept has not yet been received and as such, these
copies of the attributes from that message cannot exists). Adding these
freeing operations here would make this quite confusing. As such, I'm
going to drop this unless someone can describe how these could be
non-NULL.
 
-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list