diff options
author | Guy Harris <guy@alum.mit.edu> | 2015-12-21 12:55:37 -0800 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2015-12-21 20:56:13 +0000 |
commit | a3e80157c830e75a8b7c5bae89dabd943c7bfc85 (patch) | |
tree | 94d20bedb0e17052a35a674394219559ee482ae5 /epan | |
parent | 6ede7d4ba3d7acaf90846618afd0830a57511b64 (diff) |
g_malloc the decrypted key in AES_unwrap(), but always free it.
It doesn't need to exist after AirPDcapDecryptWPABroadcastKey() returns.
Change-Id: Ifaf08dfb285be3cf54429f7b77d44565962d4450
Reviewed-on: https://code.wireshark.org/review/12808
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'epan')
-rw-r--r-- | epan/crypt/airpdcap.c | 4 | ||||
-rw-r--r-- | epan/crypt/airpdcap_rijndael.c | 3 |
2 files changed, 5 insertions, 2 deletions
diff --git a/epan/crypt/airpdcap.c b/epan/crypt/airpdcap.c index 1c06432d7b..b976662a39 100644 --- a/epan/crypt/airpdcap.c +++ b/epan/crypt/airpdcap.c @@ -420,6 +420,7 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8 *decryption if (rsn_id != 0xdd){ if (key_index+1 >= key_bytes_len){ + g_free(decrypted_data); g_free(szEncryptedKey); return AIRPDCAP_RET_NO_VALID_HANDSHAKE; } @@ -431,6 +432,7 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8 *decryption if (key_found){ if (key_index+8 >= key_bytes_len) { + g_free(decrypted_data); g_free(szEncryptedKey); return AIRPDCAP_RET_NO_VALID_HANDSHAKE; } @@ -438,6 +440,8 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8 *decryption /* Skip over the GTK header info, and don't copy past the end of the encrypted data */ memcpy(szEncryptedKey, decrypted_data+key_index+8, key_bytes_len-key_index-8); } + + g_free(decrypted_data); } key_len = (sa->wpa.key_ver==AIRPDCAP_WPA_KEY_VER_NOT_CCMP)?TKIP_GROUP_KEY_LEN:CCMP_GROUP_KEY_LEN; diff --git a/epan/crypt/airpdcap_rijndael.c b/epan/crypt/airpdcap_rijndael.c index 32cd8a5cbe..c7782c3f9e 100644 --- a/epan/crypt/airpdcap_rijndael.c +++ b/epan/crypt/airpdcap_rijndael.c @@ -27,7 +27,6 @@ #include "airpdcap_rijndael.h" #include "airpdcap_debug.h" -#include <epan/wmem/wmem.h> #include <glib.h> #include <wsutil/aes.h> @@ -51,7 +50,7 @@ AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len) /* Allocate buffer for the unwrapped key */ - output = (guint8 *)wmem_alloc(wmem_packet_scope(), cipher_len); + output = (guint8 *) g_malloc0(cipher_len); /* Initialize variables */ |