g_malloc the decrypted key in AES_unwrap(), but always free it.

It doesn't need to exist after AirPDcapDecryptWPABroadcastKey() returns.

Change-Id: Ifaf08dfb285be3cf54429f7b77d44565962d4450
Reviewed-on: https://code.wireshark.org/review/12808
Reviewed-by: Guy Harris <guy@alum.mit.edu>

epan/crypt/airpdcap.c

@@ -420,6 +420,7 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8  *decryption
 
             if (rsn_id != 0xdd){
                 if (key_index+1 >= key_bytes_len){
+                    g_free(decrypted_data);
                     g_free(szEncryptedKey);
                     return AIRPDCAP_RET_NO_VALID_HANDSHAKE;
                 }
@@ -431,6 +432,7 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8  *decryption
 
         if (key_found){
             if (key_index+8 >= key_bytes_len) {
+                g_free(decrypted_data);
                 g_free(szEncryptedKey);
                 return AIRPDCAP_RET_NO_VALID_HANDSHAKE;
             }
@@ -438,6 +440,8 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8  *decryption
             /* Skip over the GTK header info, and don't copy past the end of the encrypted data */
             memcpy(szEncryptedKey, decrypted_data+key_index+8, key_bytes_len-key_index-8);
         }
+
+        g_free(decrypted_data);
     }
 
     key_len = (sa->wpa.key_ver==AIRPDCAP_WPA_KEY_VER_NOT_CCMP)?TKIP_GROUP_KEY_LEN:CCMP_GROUP_KEY_LEN;

epan/crypt/airpdcap_rijndael.c

@@ -27,7 +27,6 @@
 #include "airpdcap_rijndael.h"
 
 #include	"airpdcap_debug.h"
-#include <epan/wmem/wmem.h>
 #include <glib.h>
 #include <wsutil/aes.h>
 
@@ -51,7 +50,7 @@ AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len)
 
 	/* Allocate buffer for the unwrapped key */
 
-	output = (guint8 *)wmem_alloc(wmem_packet_scope(), cipher_len);
+	output = (guint8 *) g_malloc0(cipher_len);
 
 	/* Initialize variables */