osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

[aidpdcap] use packet scoped wmem memory for szEncryptedKey 

to make sure that AirPDcapDecryptWPABroadcastKey() does not leak memory
when it returns an error

Change-Id: I01dc8dc0d6cc1e72e9784a262e35e24844e35dbc
Reviewed-on: https://code.wireshark.org/review/12745
Reviewed-by: Michael Mann <mmann78@netscape.net>
This commit is contained in:
Martin Kaiser 2015-12-20 16:04:12 +01:00 committed by Michael Mann
parent c9670e334c
commit fa24207d34
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
epan/crypt/airpdcap.c
View File

@ -346,7 +346,7 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8 *decryption
}
/* Encrypted key is in the information element field of the EAPOL key packet */
szEncryptedKey = (guint8 *)g_memdup(pEAPKey->ie, key_bytes_len);
szEncryptedKey = (guint8 *)wmem_memdup(wmem_packet_scope(), pEAPKey->ie, key_bytes_len);
DEBUG_DUMP("Encrypted Broadcast key:", szEncryptedKey, key_bytes_len);
DEBUG_DUMP("KeyIV:", pEAPKey->key_iv, 16);
@ -452,7 +452,6 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8 *decryption
/* AirPDcapRsnaMng() function will extract the right piece of the GTK for decryption. (The first 16 bytes of the GTK are used for decryption.) */
memset(sa->wpa.ptk, 0, sizeof(sa->wpa.ptk));
memcpy(sa->wpa.ptk+32, szEncryptedKey, key_len);
g_free(szEncryptedKey);
return AIRPDCAP_RET_SUCCESS_HANDSHAKE;
}