From: Benjamin Berg <benjamin.berg@intel.com>
Date: Thu, 22 Jan 2026 15:21:48 +0000 (+0100)
Subject: FILS: Fix memory leak if AES-SIV encryption fails
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f3d80342129c2e131fb1300a79ff9912286af424;p=thirdparty%2Fhostap.git

FILS: Fix memory leak if AES-SIV encryption fails

The dynamically allocated header was not free'ed in the error path. Add
the appropriate os_free call.

Fixes: b729fd8df9f6 ("FILS: Use AEAD cipher to protect EAPOL-Key frames (AP)")
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
---

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index f4319f394..75c265a5b 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2186,6 +2186,7 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
 		if (aes_siv_encrypt(sm->PTK.kek, sm->PTK.kek_len, kde, kde_len,
 				    1, aad, aad_len, key_mic + 2) < 0) {
 			wpa_printf(MSG_DEBUG, "WPA: AES-SIV encryption failed");
+			os_free(hdr);
 			return;
 		}