Skip to content
Permalink
Browse files

Use *_clear_free instead of *_free.

CVE-2014-4732
  • Loading branch information...
jvoisin authored and alandekok committed Jul 14, 2014
1 parent 4a382ca commit 22297d7bff6f1d5517eb6208feed7527328031b4
@@ -262,9 +262,9 @@ int compute_password_element (pwd_session_t *sess, uint16_t grp_num,
}

/* cleanliness and order.... */
BN_free(cofactor);
BN_free(x_candidate);
BN_free(rnd);
BN_clear_free(cofactor);
BN_clear_free(x_candidate);
BN_clear_free(rnd);
talloc_free(prfbuf);

return ret;
@@ -300,7 +300,7 @@ int compute_scalar_element (pwd_session_t *sess, BN_CTX *bnctx) {
ret = 0;

fail:
BN_free(mask);
BN_clear_free(mask);

return ret;
}
@@ -389,11 +389,11 @@ int process_peer_commit (pwd_session_t *sess, uint8_t *commit, BN_CTX *bnctx)
res = 0;

finish:
EC_POINT_free(K);
EC_POINT_free(point);
BN_free(cofactor);
BN_free(x);
BN_free(y);
EC_POINT_clear_free(K);
EC_POINT_clear_free(point);
BN_clear_free(cofactor);
BN_clear_free(x);
BN_clear_free(y);

return res;
}
@@ -84,16 +84,16 @@ static int eap_pwd_attach (CONF_SECTION *cs, void **instance)

static int _free_pwd_session (pwd_session_t *session)
{
BN_free(session->private_value);
BN_free(session->peer_scalar);
BN_free(session->my_scalar);
BN_free(session->k);
EC_POINT_free(session->my_element);
EC_POINT_free(session->peer_element);
BN_clear_free(session->private_value);
BN_clear_free(session->peer_scalar);
BN_clear_free(session->my_scalar);
BN_clear_free(session->k);
EC_POINT_clear_free(session->my_element);
EC_POINT_clear_free(session->peer_element);
EC_GROUP_free(session->group);
EC_POINT_free(session->pwe);
BN_free(session->order);
BN_free(session->prime);
EC_POINT_clear_free(session->pwe);
BN_clear_free(session->order);
BN_clear_free(session->prime);

return 0;
}
@@ -485,8 +485,8 @@ static int mod_authenticate (void *arg, eap_handler_t *handler)
if (!EC_POINT_get_affine_coordinates_GFp(pwd_session->group, pwd_session->my_element, x, y,
inst->bnctx)) {
DEBUG2("server point assignment failed");
BN_free(x);
BN_free(y);
BN_clear_free(x);
BN_clear_free(y);
return 0;
}

0 comments on commit 22297d7

Please sign in to comment.
You can’t perform that action at this time.