authorGuy Harris <guy@alum.mit.edu>2015-12-21 12:44:38 -0800
committerGuy Harris <guy@alum.mit.edu>2015-12-21 20:45:06 +0000
commit6ede7d4ba3d7acaf90846618afd0830a57511b64 (patch)
tree2e60e1a030d84bc7fca5a44a155cc89f99ed8740 /epan/crypt
parent830f30a70583ff7ad351501d4c675a3b7b29ac56 (diff)
g_mallocate the encrypted key, but free it in all paths out of the function.
It doesn't need to persist after the function returns. Change-Id: Ic601a6ef6a0aa0f22f9c8b9a1c586cec95093f27 Reviewed-on: https://code.wireshark.org/review/12805 Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'epan/crypt')
-rw-r--r--epan/crypt/airpdcap.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/epan/crypt/airpdcap.c b/epan/crypt/airpdcap.c
index 4a8cbbbe9f..1c06432d7b 100644
--- a/epan/crypt/airpdcap.c
+++ b/epan/crypt/airpdcap.c
@@ -346,7 +346,7 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8 *decryption
}
/* Encrypted key is in the information element field of the EAPOL key packet */
- szEncryptedKey = (guint8 *)wmem_memdup(wmem_packet_scope(), pEAPKey->ie, key_bytes_len);
+ szEncryptedKey = (guint8 *)g_memdup(pEAPKey->ie, key_bytes_len);
DEBUG_DUMP("Encrypted Broadcast key:", szEncryptedKey, key_bytes_len);
DEBUG_DUMP("KeyIV:", pEAPKey->key_iv, 16);
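Review bot: Ownership of `szEncryptedKey` changes here from packet-scope memory to a heap copy that must be freed by hand, and nothing at the allocation says so. I would add a comment above the `g_memdup()` line such as `/* Heap copy owned by this function; every return below must g_free() it. */`. The function starts before this hunk and the lines between it and the next hunk are not shown, so any return in that stretch should be checked for the same `g_free()`. The pointer is also passed to `DEBUG_DUMP` and used later without a NULL check, and `g_memdup()` returns NULL for a NULL source or a zero size, so it is worth confirming that `key_bytes_len` is validated as non-zero above.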
@@ -420,6 +420,7 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8 *decryption
if (rsn_id != 0xdd){
if (key_index+1 >= key_bytes_len){
+ g_free(szEncryptedKey);
return AIRPDCAP_RET_NO_VALID_HANDSHAKE;
}
key_index += decrypted_data[key_index+1]+2;
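Review bot: The `g_free(szEncryptedKey); return AIRPDCAP_RET_NO_VALID_HANDSHAKE;` pair added here is repeated in the `key_index+8` check and the `key_len > key_bytes_len` check, with a fourth `g_free()` before the success return, so the next early return added to this function can silently leak the buffer. A single exit would be less fragile: set a status and `goto done;` at each failure, with `done: g_free(szEncryptedKey); return ret;` at the end. `ret` is a new local I am proposing, not something in the patch. The enclosing function starts and ends outside this hunk.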
@@ -429,8 +430,10 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8 *decryption
}
if (key_found){
- if (key_index+8 >= key_bytes_len)
+ if (key_index+8 >= key_bytes_len) {
+ g_free(szEncryptedKey);
return AIRPDCAP_RET_NO_VALID_HANDSHAKE;
+ }
/* Skip over the GTK header info, and don't copy past the end of the encrypted data */
memcpy(szEncryptedKey, decrypted_data+key_index+8, key_bytes_len-key_index-8);
@@ -440,6 +443,7 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8 *decryption
key_len = (sa->wpa.key_ver==AIRPDCAP_WPA_KEY_VER_NOT_CCMP)?TKIP_GROUP_KEY_LEN:CCMP_GROUP_KEY_LEN;
if (key_len > key_bytes_len) {
/* the key required for this protocol is longer than the key that we just calculated */
+ g_free(szEncryptedKey);
return AIRPDCAP_RET_NO_VALID_HANDSHAKE;
}
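Review bot: The check `key_len > key_bytes_len` compares against the size of the whole encrypted field, but on the `key_found` path the `memcpy` in the previous hunk placed only `key_bytes_len-key_index-8` decrypted bytes at the start of `szEncryptedKey`. Unless the lines between the hunks adjust the length, a GTK shorter than `key_len` passes this check, and the later copy into `sa->wpa.ptk+32` takes its tail from leftover encrypted bytes. The read stays inside the buffer, but the installed key is partly garbage. Tracking the decrypted length in its own variable and testing `key_len` against that would reject the handshake instead; this predates the commit, but the new `g_free()` sits in the same branch.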
@@ -454,6 +458,7 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8 *decryption
/* AirPDcapRsnaMng() function will extract the right piece of the GTK for decryption. (The first 16 bytes of the GTK are used for decryption.) */
memset(sa->wpa.ptk, 0, sizeof(sa->wpa.ptk));
memcpy(sa->wpa.ptk+32, szEncryptedKey, key_len);
+ g_free(szEncryptedKey);
return AIRPDCAP_RET_SUCCESS_HANDSHAKE;
}
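Review bot: `g_free(szEncryptedKey)` releases the buffer with its contents intact, and by this point it holds the decrypted group key that was just copied into `sa->wpa.ptk+32` (at least on the `key_found` path). Clearing `key_bytes_len` bytes before the free would keep the key out of recycled heap memory. A plain `memset()` immediately before a free can be removed by the optimizer, so it needs a wipe the compiler cannot elide. The same applies to the free added in the `key_len > key_bytes_len` branch, which runs after the decrypted data has been copied in. The function begins outside this hunk.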