From: Ilan Peer <ilan.peer@intel.com>
Date: Thu, 8 Jun 2017 08:17:59 +0000 (+0300)
Subject: EAP-TTLS: Fix possible memory leak in eap_ttls_phase2_request_mschap()
X-Git-Tag: hostap_2_7~1196
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=83e003a9132a33921e8e284f07aeab1d72153131;p=thirdparty%2Fhostap.git

EAP-TTLS: Fix possible memory leak in eap_ttls_phase2_request_mschap()

The msg buffer needs to be freed on these two error paths.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
---

diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c
index 01112b5df..c8a05fdca 100644
--- a/src/eap_peer/eap_ttls.c
+++ b/src/eap_peer/eap_ttls.c
@@ -625,15 +625,25 @@ static int eap_ttls_phase2_request_mschap(struct eap_sm *sm,
 	pos += 24;
 	if (pwhash) {
 		/* NT-Response */
-		if (challenge_response(challenge, password, pos))
+		if (challenge_response(challenge, password, pos)) {
+			wpa_printf(MSG_ERROR,
+				   "EAP-TTLS/MSCHAP: Failed derive password hash");
+			wpabuf_free(msg);
 			return -1;
+		}
+
 		wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: MSCHAP password hash",
 				password, 16);
 	} else {
 		/* NT-Response */
 		if (nt_challenge_response(challenge, password, password_len,
-					  pos))
+					  pos)) {
+			wpa_printf(MSG_ERROR,
+				   "EAP-TTLS/MSCHAP: Failed derive password");
+			wpabuf_free(msg);
 			return -1;
+		}
+
 		wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: MSCHAP password",
 				      password, password_len);
 	}