git: c2dca1b5607f - stable/14 - radlib: fix a memory leak in `is_valid_request`
Date: Sat, 28 Sep 2024 03:55:02 UTC
The branch stable/14 has been updated by ngie:
URL: https://cgit.FreeBSD.org/src/commit/?id=c2dca1b5607fa4c69d5357c717c3b2dd359e2f26
commit c2dca1b5607fa4c69d5357c717c3b2dd359e2f26
Author: Enji Cooper <ngie@FreeBSD.org>
AuthorDate: 2024-06-04 20:01:55 +0000
Commit: Enji Cooper <ngie@FreeBSD.org>
CommitDate: 2024-09-28 03:54:48 +0000
radlib: fix a memory leak in `is_valid_request`
Call `HMAC_CTX_free` if returning early from `is_valid_request` when
processing `Message-Authenticator` tags.
Reported by: Coverity
MFC after: 1 week
Fixes: 8d5c7813061d ("libradius: Fix input validation bugs")
Differential Revision: https://reviews.freebsd.org/D45488
(cherry picked from commit 77c04f3eb12a560eb61252c817e4147bc0178e43)
---
lib/libradius/radlib.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/libradius/radlib.c b/lib/libradius/radlib.c
index 2049468f455f..cd1f1df1b234 100644
--- a/lib/libradius/radlib.c
+++ b/lib/libradius/radlib.c
@@ -321,8 +321,10 @@ is_valid_request(struct rad_handle *h)
hctx = HMAC_CTX_new();
while (pos < len - 2) {
alen = h->in[pos + 1];
- if (alen < 2)
+ if (alen < 2) {
+ HMAC_CTX_free(hctx);
return (0);
+ }
if (h->in[pos] == RAD_MESSAGE_AUTHENTIC) {
if (len - pos < MD5_DIGEST_LENGTH + 2) {
HMAC_CTX_free(hctx);
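Review bot: The `alen < 2` return is now the second exit inside the `while (pos < len - 2)` loop that has to call `HMAC_CTX_free(hctx)` by hand (the `len - pos < MD5_DIGEST_LENGTH + 2` branch just below is the other), so any early return added to this loop later can reintroduce the same leak. Consider routing every exit through a single cleanup label that frees `hctx`, or deferring the `HMAC_CTX_new()` call until a `RAD_MESSAGE_AUTHENTIC` attribute is actually found. Separately, `hctx = HMAC_CTX_new();` is followed directly by the loop with no NULL check in the visible lines; since this function validates untrusted packet data, an allocation failure should be handled explicitly and treated as an invalid request.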