From f3d80342129c2e131fb1300a79ff9912286af424 Mon Sep 17 00:00:00 2001
From: Benjamin Berg <benjamin.berg@intel.com>
Date: Thu, 22 Jan 2026 16:21:48 +0100
Subject: [PATCH] FILS: Fix memory leak if AES-SIV encryption fails

The dynamically allocated header was not free'ed in the error path. Add
the appropriate os_free call.

Fixes: b729fd8df9f6 ("FILS: Use AEAD cipher to protect EAPOL-Key frames (AP)")
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
---
 src/ap/wpa_auth.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index f4319f394..75c265a5b 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2186,6 +2186,7 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
 		if (aes_siv_encrypt(sm->PTK.kek, sm->PTK.kek_len, kde, kde_len,
 				    1, aad, aad_len, key_mic + 2) < 0) {
 			wpa_printf(MSG_DEBUG, "WPA: AES-SIV encryption failed");
+			os_free(hdr);
 			return;
 		}
 
-- 
2.47.3