DPP: Fix a memory leak on duplicate Authentication Response

Do not allow auth->peer_protocol_key to be overridden without having
freed the previously stored key in case two Authentication Response
messages are received.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/common/dpp.c b/src/common/dpp.c
index fd2e9f4ce508f657fc17e9b41986463e932b1754..4b8d83811dbd9681f0f7e0f95165b983592399ee 100644 (file)
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -3753,6 +3753,7 @@ dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
        }
        EVP_PKEY_CTX_free(ctx);
        ctx = NULL;
+       EVP_PKEY_free(auth->peer_protocol_key);
        auth->peer_protocol_key = pr;
        pr = NULL;