EAP-pwd: Fix a memory leak in hunting-and-pecking loop

tmp2 (y^2) was derived once in each iteration of the loop and only freed
after all the loop iterations. Fix this by freeing the temporary value
during each iteration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c
index 88c6595887ab969fd3ee9d995b48eb86ba44b6f4..02fe01e9f177d16d1f6e52728ab5e01c0a708822 100644 (file)
--- a/src/eap_common/eap_pwd_common.c
+++ b/src/eap_common/eap_pwd_common.c
@@ -238,6 +238,7 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
                 *
                 *      y^2 = x^3 + ax + b
                 */
+               crypto_bignum_deinit(tmp2, 1);
                tmp2 = crypto_ec_point_compute_y_sqr(grp->group, x_candidate);
                if (!tmp2)
                        goto fail;