diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2014-04-09 18:04:33 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2014-04-09 18:27:02 +0200 |
| commit | abd7d3be9ca88168dbf7837ea906ed788e5a0e94 (patch) | |
| tree | a139d8d6a05420ec5998d4fc9081d96b770c86a1 | |
| parent | f0923ff37764a31dbcb8cb0e58fcaa5cbb35152c (diff) | |
| download | strongswan-abd7d3be9ca88168dbf7837ea906ed788e5a0e94.tar.bz2 strongswan-abd7d3be9ca88168dbf7837ea906ed788e5a0e94.tar.xz | |
eap-mschapv2: Fix potential leaks in case of invalid messages from servers
| -rw-r--r-- | src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c index 49e3dd142..511506869 100644 --- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c +++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c @@ -792,12 +792,14 @@ static status_t process_peer_success(private_eap_mschapv2_t *this, "invalid auth string"); goto error; } + chunk_free(&auth_string); hex = chunk_create(token, AUTH_RESPONSE_LEN - 2); auth_string = chunk_from_hex(hex, NULL); } else if (strpfx(token, "M=")) { token += 2; + free(msg); msg = strdup(token); } } @@ -883,6 +885,7 @@ static status_t process_peer_failure(private_eap_mschapv2_t *this, "invalid challenge"); goto error; } + chunk_free(&challenge); hex = chunk_create(token, 2 * CHALLENGE_LEN); challenge = chunk_from_hex(hex, NULL); } @@ -893,6 +896,7 @@ static status_t process_peer_failure(private_eap_mschapv2_t *this, else if (strpfx(token, "M=")) { token += 2; + free(msg); msg = strdup(token); } } |