From: Jouni Malinen <j@w1.fi>
Date: Fri, 12 Feb 2010 19:13:51 +0000 (+0200)
Subject: Fix TLS in/out buffer freeing
X-Git-Tag: hostap_0_7_2~201
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2e06e9dd6f01096ddf2e9184a9b9b79d1a29cadd;p=thirdparty%2Fhostap.git

Fix TLS in/out buffer freeing

The previous version could end leaking memory since os_free() was used
instead of wpabuf_free(). In addition, this could potentially have
triggered a crash if the TLS context were being freed when pending
input data where still in the buffer (though, this may not be possible
to trigger in practice).
---

diff --git a/src/eap_server/eap_tls_common.c b/src/eap_server/eap_tls_common.c
index fcf665443..25ae683f0 100644
--- a/src/eap_server/eap_tls_common.c
+++ b/src/eap_server/eap_tls_common.c
@@ -21,6 +21,9 @@
 #include "eap_tls_common.h"
 
 
+static void eap_server_tls_free_in_buf(struct eap_ssl_data *data);
+
+
 int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
 			    int verify_peer)
 {
@@ -58,8 +61,9 @@ int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
 void eap_server_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data)
 {
 	tls_connection_deinit(sm->ssl_ctx, data->conn);
-	os_free(data->tls_in);
-	os_free(data->tls_out);
+	eap_server_tls_free_in_buf(data);
+	wpabuf_free(data->tls_out);
+	data->tls_out = NULL;
 }