[airpdcap rijndael] use packet scoped wmem memory in AES_unwrap()

at the moment, AirPDcapDecryptWPABroadcastKey() does not free the buffer allocated by AES_unwrap() if there's an error while parsing the returned data this could be fixed by adding more g_free() calls or by using wmem memory Change-Id: I332968da2186fbd17cbb7708082fa701dcab668e Reviewed-on: https://code.wireshark.org/review/12744 Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-20 14:54:02 +01:00 · 2015-12-20 14:54:02 +01:00 · 5f2f6a395a
parent 83f2818118
commit 5f2f6a395a
2 changed files with 2 additions and 6 deletions
--- a/epan/crypt/airpdcap.c
+++ b/epan/crypt/airpdcap.c
@ -435,8 +435,6 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8  *decryption
            /* Skip over the GTK header info, and don't copy past the end of the encrypted data */
            memcpy(szEncryptedKey, decrypted_data+key_index+8, key_bytes_len-key_index-8);
        }
-
-        g_free(decrypted_data);
    }

    key_len = (sa->wpa.key_ver==AIRPDCAP_WPA_KEY_VER_NOT_CCMP)?TKIP_GROUP_KEY_LEN:CCMP_GROUP_KEY_LEN;
--- a/epan/crypt/airpdcap_rijndael.c
+++ b/epan/crypt/airpdcap_rijndael.c
@ -24,12 +24,10 @@
 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

-/******************************************************************************/
-/*	File includes																					*/
-/*																										*/
 #include "airpdcap_rijndael.h"

 #include	"airpdcap_debug.h"
+#include <epan/wmem/wmem.h>
 #include <glib.h>
 #include <wsutil/aes.h>

@ -53,7 +51,7 @@ AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len)

 	/* Allocate buffer for the unwrapped key */

-	output = (guint8 *) g_malloc0(cipher_len);
+	output = (guint8 *)wmem_alloc(wmem_packet_scope(), cipher_len);

 	/* Initialize variables */