From: Jouni Malinen <j@w1.fi>
Date: Sat, 31 May 2014 19:24:31 +0000 (+0300)
Subject: SAE: Fix memory leak in random number generation
X-Git-Tag: hostap_2_2~26
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=13c330385ab5fbc566c75207b1c2b1b36a25de0a;p=thirdparty%2Fhostap.git

SAE: Fix memory leak in random number generation

If the randomly generated bignum does not meet the validation steps, the
iteration loop in sae_get_rand() did not free the data properly. Fix the
memory leak by freeing the temporary bignum before starting the next
attempt at generating the value.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/common/sae.c b/src/common/sae.c
index 674cb6502..c1b488e91 100644
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -134,8 +134,10 @@ static struct crypto_bignum * sae_get_rand(struct sae_data *sae)
 			return NULL;
 		if (crypto_bignum_is_zero(bn) ||
 		    crypto_bignum_is_one(bn) ||
-		    crypto_bignum_cmp(bn, sae->tmp->order) >= 0)
+		    crypto_bignum_cmp(bn, sae->tmp->order) >= 0) {
+			crypto_bignum_deinit(bn, 0);
 			continue;
+		}
 		break;
 	}