At least some error paths (e.g., hitting the limit on hunt-and-peck
iterations) could have resulted in double-freeing of some memory
allocations. Avoid this by setting the pointers to NULL after they have
been freed instead of trying to free the data structure in a location
where some external references cannot be cleared. [Bug 453]
Signed-hostap: Jouni Malinen <j@w1.fi>
if (0) {
fail:
EC_GROUP_free(grp->group);
+ grp->group = NULL;
EC_POINT_free(grp->pwe);
+ grp->pwe = NULL;
BN_free(grp->order);
+ grp->order = NULL;
BN_free(grp->prime);
- os_free(grp);
- grp = NULL;
+ grp->prime = NULL;
ret = 1;
}
/* cleanliness and order.... */
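Review bot: With `os_free(grp)` removed from the `fail:` block, nothing in this hunk says who releases `grp` after a failure, and the structure is left allocated with all four members NULL. A short comment on the block would make that contract explicit, for example `/* grp is owned by the caller; only its members are released here */`, so a later cleanup does not reintroduce the free. Separately, `grp->pwe` appears to be derived from the password, so `EC_POINT_clear_free(grp->pwe);` would scrub the point rather than only release it. The enclosing function starts and ends outside the hunk, so how callers react to the non-zero `ret` cannot be checked from here.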
*/
if (data->out_frag_pos >= wpabuf_len(data->outbuf)) {
wpabuf_free(data->outbuf);
+ data->outbuf = NULL;
data->out_frag_pos = 0;
}
wpa_printf(MSG_DEBUG, "EAP-pwd: Send %s fragment of %d bytes",
/*
* if we're not fragmenting then there's no need to carry this around
*/
- if (data->out_frag_pos == 0)
+ if (data->out_frag_pos == 0) {
wpabuf_free(data->outbuf);
+ data->outbuf = NULL;
+ data->out_frag_pos = 0;
+ }
return resp;
}
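Review bot: The added `data->out_frag_pos = 0;` sits inside `if (data->out_frag_pos == 0) {`, so it can never change the value and suggests to a reader that the offset might be non-zero at this point. Dropping that line leaves the block as the free plus `data->outbuf = NULL;`, which is the part that addresses the stale pointer. The same free-then-NULL pairing is added in the earlier fragment-completion hunk. If the intended invariant is that `outbuf` is NULL whenever no message is pending, a one-line comment at either site stating it would help keep future free sites consistent. The function body begins outside the hunk.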