diff options
author | Martin Kaiser <wireshark@kaiser.cx> | 2015-12-20 16:04:12 +0100 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2015-12-21 05:07:33 +0000 |
commit | fa24207d34c434a86461938c654cdaab0d9d00fa (patch) | |
tree | e2f6b9b368fbc67bf557a60b00002cb92902a0c5 /epan/crypt | |
parent | c9670e334c38f98da485b53bbd09571047836064 (diff) | |
download | wireshark-fa24207d34c434a86461938c654cdaab0d9d00fa.tar.gz |
[aidpdcap] use packet scoped wmem memory for szEncryptedKey
to make sure that AirPDcapDecryptWPABroadcastKey() does not leak memory
when it returns an error
Change-Id: I01dc8dc0d6cc1e72e9784a262e35e24844e35dbc
Reviewed-on: https://code.wireshark.org/review/12745
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan/crypt')
-rw-r--r-- | epan/crypt/airpdcap.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/epan/crypt/airpdcap.c b/epan/crypt/airpdcap.c index e584bf43ac..27eebba285 100644 --- a/epan/crypt/airpdcap.c +++ b/epan/crypt/airpdcap.c @@ -346,7 +346,7 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8 *decryption } /* Encrypted key is in the information element field of the EAPOL key packet */ - szEncryptedKey = (guint8 *)g_memdup(pEAPKey->ie, key_bytes_len); + szEncryptedKey = (guint8 *)wmem_memdup(wmem_packet_scope(), pEAPKey->ie, key_bytes_len); DEBUG_DUMP("Encrypted Broadcast key:", szEncryptedKey, key_bytes_len); DEBUG_DUMP("KeyIV:", pEAPKey->key_iv, 16); @@ -452,7 +452,6 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8 *decryption /* AirPDcapRsnaMng() function will extract the right piece of the GTK for decryption. (The first 16 bytes of the GTK are used for decryption.) */ memset(sa->wpa.ptk, 0, sizeof(sa->wpa.ptk)); memcpy(sa->wpa.ptk+32, szEncryptedKey, key_len); - g_free(szEncryptedKey); return AIRPDCAP_RET_SUCCESS_HANDSHAKE; } |