Skip to content

Commit

Permalink
Use *_clear_free instead of *_free.
Browse files Browse the repository at this point in the history
CVE-2014-4732
  • Loading branch information
jvoisin authored and alandekok committed Jul 14, 2014
1 parent 4a382ca commit 22297d7
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 20 deletions.
18 changes: 9 additions & 9 deletions src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
Expand Up @@ -262,9 +262,9 @@ int compute_password_element (pwd_session_t *sess, uint16_t grp_num,
}

/* cleanliness and order.... */
BN_free(cofactor);
BN_free(x_candidate);
BN_free(rnd);
BN_clear_free(cofactor);
BN_clear_free(x_candidate);
BN_clear_free(rnd);
talloc_free(prfbuf);

return ret;
Expand Down Expand Up @@ -300,7 +300,7 @@ int compute_scalar_element (pwd_session_t *sess, BN_CTX *bnctx) {
ret = 0;

fail:
BN_free(mask);
BN_clear_free(mask);

return ret;
}
Expand Down Expand Up @@ -389,11 +389,11 @@ int process_peer_commit (pwd_session_t *sess, uint8_t *commit, BN_CTX *bnctx)
res = 0;

finish:
EC_POINT_free(K);
EC_POINT_free(point);
BN_free(cofactor);
BN_free(x);
BN_free(y);
EC_POINT_clear_free(K);
EC_POINT_clear_free(point);
BN_clear_free(cofactor);
BN_clear_free(x);
BN_clear_free(y);

return res;
}
Expand Down
22 changes: 11 additions & 11 deletions src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c
Expand Up @@ -84,16 +84,16 @@ static int eap_pwd_attach (CONF_SECTION *cs, void **instance)

static int _free_pwd_session (pwd_session_t *session)
{
BN_free(session->private_value);
BN_free(session->peer_scalar);
BN_free(session->my_scalar);
BN_free(session->k);
EC_POINT_free(session->my_element);
EC_POINT_free(session->peer_element);
BN_clear_free(session->private_value);
BN_clear_free(session->peer_scalar);
BN_clear_free(session->my_scalar);
BN_clear_free(session->k);
EC_POINT_clear_free(session->my_element);
EC_POINT_clear_free(session->peer_element);
EC_GROUP_free(session->group);
EC_POINT_free(session->pwe);
BN_free(session->order);
BN_free(session->prime);
EC_POINT_clear_free(session->pwe);
BN_clear_free(session->order);
BN_clear_free(session->prime);

return 0;
}
Expand Down Expand Up @@ -485,8 +485,8 @@ static int mod_authenticate (void *arg, eap_handler_t *handler)
if (!EC_POINT_get_affine_coordinates_GFp(pwd_session->group, pwd_session->my_element, x, y,
inst->bnctx)) {
DEBUG2("server point assignment failed");
BN_free(x);
BN_free(y);
BN_clear_free(x);
BN_clear_free(y);
return 0;
}

Expand Down

0 comments on commit 22297d7

Please sign in to comment.