Date: Sat, 28 Sep 2024 03:55:02 GMT
From: Enji Cooper <ngie@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject: git: c2dca1b5607f - stable/14 - radlib: fix a memory leak in `is_valid_request`
Message-ID: <202409280355.48S3t285015018@gitrepo.freebsd.org>
The branch stable/14 has been updated by ngie: URL: https://cgit.FreeBSD.org/src/commit/?id=c2dca1b5607fa4c69d5357c717c3b2dd359e2f26 commit c2dca1b5607fa4c69d5357c717c3b2dd359e2f26 Author: Enji Cooper <ngie@FreeBSD.org> AuthorDate: 2024-06-04 20:01:55 +0000 Commit: Enji Cooper <ngie@FreeBSD.org> CommitDate: 2024-09-28 03:54:48 +0000 radlib: fix a memory leak in `is_valid_request` Call `HMAC_CTX_free` if returning early from `is_valid_request` when processing `Message-Authenticator` tags. Reported by: Coverity MFC after: 1 week Fixes: 8d5c7813061d ("libradius: Fix input validation bugs") Differential Revision: https://reviews.freebsd.org/D45488 (cherry picked from commit 77c04f3eb12a560eb61252c817e4147bc0178e43) --- lib/libradius/radlib.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/libradius/radlib.c b/lib/libradius/radlib.c index 2049468f455f..cd1f1df1b234 100644 --- a/lib/libradius/radlib.c +++ b/lib/libradius/radlib.c @@ -321,8 +321,10 @@ is_valid_request(struct rad_handle *h) hctx = HMAC_CTX_new(); while (pos < len - 2) { alen = h->in[pos + 1]; - if (alen < 2) + if (alen < 2) { + HMAC_CTX_free(hctx); return (0); + } if (h->in[pos] == RAD_MESSAGE_AUTHENTIC) { if (len - pos < MD5_DIGEST_LENGTH + 2) { HMAC_CTX_free(hctx);
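Review bot: The `HMAC_CTX_free(hctx); return (0);` added to the `alen < 2` branch repeats the cleanup already written out in the `len - pos < MD5_DIGEST_LENGTH + 2` branch directly below it, so any early return added to this loop later has to remember the same call or the leak comes back. Consider routing both branches through a single exit label that frees `hctx` once and returns the result. Separately, the context line `hctx = HMAC_CTX_new();` has no NULL check in the visible lines; if the code after this hunk does not check it before the context is used, add a check ahead of the loop so an allocation failure is rejected rather than passed into the HMAC calls.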