[airpdcap rijndael] use packet scoped wmem memory in AES_unwrap()

at the moment, AirPDcapDecryptWPABroadcastKey() does not free the buffer
allocated by AES_unwrap() if there's an error while parsing the returned data

this could be fixed by adding more g_free() calls or by using wmem
memory

Change-Id: I332968da2186fbd17cbb7708082fa701dcab668e
Reviewed-on: https://code.wireshark.org/review/12744
Reviewed-by: Michael Mann <mmann78@netscape.net>

2 files changed, 2 insertions, 6 deletions

diff --git a/epan/crypt/airpdcap.c b/epan/crypt/airpdcap.c
index dcf448138e..4a8cbbbe9f 100644
--- a/epan/crypt/airpdcap.c
+++ b/epan/crypt/airpdcap.c
@@ -435,8 +435,6 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8  *decryption
             /* Skip over the GTK header info, and don't copy past the end of the encrypted data */
             memcpy(szEncryptedKey, decrypted_data+key_index+8, key_bytes_len-key_index-8);
         }
-
-        g_free(decrypted_data);
     }
 
     key_len = (sa->wpa.key_ver==AIRPDCAP_WPA_KEY_VER_NOT_CCMP)?TKIP_GROUP_KEY_LEN:CCMP_GROUP_KEY_LEN;
diff --git a/epan/crypt/airpdcap_rijndael.c b/epan/crypt/airpdcap_rijndael.c
index 90d98d3583..32cd8a5cbe 100644
--- a/epan/crypt/airpdcap_rijndael.c
+++ b/epan/crypt/airpdcap_rijndael.c
@@ -24,12 +24,10 @@
  * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-/******************************************************************************/
-/*	File includes																					*/
-/*																										*/
 #include "airpdcap_rijndael.h"
 
 #include	"airpdcap_debug.h"
+#include <epan/wmem/wmem.h>
 #include <glib.h>
 #include <wsutil/aes.h>
 
@@ -53,7 +51,7 @@ AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len)
 
 	/* Allocate buffer for the unwrapped key */
 
-	output = (guint8 *) g_malloc0(cipher_len);
+	output = (guint8 *)wmem_alloc(wmem_packet_scope(), cipher_len);
 
 	/* Initialize variables */