radlib: fix a memory leak in is_valid_request
Call `HMAC_CTX_free` if returning early from `is_valid_request` when
processing `Message-Authenticator` tags.
Reported by: Coverity
MFC after: 1 week
Fixes: 8d5c781306 ("libradius: Fix input validation bugs")
Differential Revision: https://reviews.freebsd.org/D45488
This commit is contained in:
@@ -320,8 +320,10 @@ is_valid_request(struct rad_handle *h)
|
||||
hctx = HMAC_CTX_new();
|
||||
while (pos < len - 2) {
|
||||
alen = h->in[pos + 1];
|
||||
if (alen < 2)
|
||||
if (alen < 2) {
|
||||
HMAC_CTX_free(hctx);
|
||||
return (0);
|
||||
}
|
||||
if (h->in[pos] == RAD_MESSAGE_AUTHENTIC) {
|
||||
if (len - pos < MD5_DIGEST_LENGTH + 2) {
|
||||
HMAC_CTX_free(hctx);
|
||||
|
||||
Reference in New Issue
Block a user