radlib: fix a memory leak in is_valid_request

Call `HMAC_CTX_free` if returning early from `is_valid_request` when processing `Message-Authenticator` tags. Reported by: Coverity MFC after: 1 week Fixes: 8d5c781 ("libradius: Fix input validation bugs") Differential Revision: https://reviews.freebsd.org/D45488
VultureProject · Jun 5, 2024 · 77c04f3 · 77c04f3
1 parent dbe7ff2
commit 77c04f3
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/lib/libradius/radlib.c b/lib/libradius/radlib.c
@@ -320,8 +320,10 @@ is_valid_request(struct rad_handle *h)
 	hctx = HMAC_CTX_new();
 	while (pos < len - 2) {
 		alen = h->in[pos + 1];
-		if (alen < 2)
+		if (alen < 2) {
+			HMAC_CTX_free(hctx);
 			return (0);
+		}
 		if (h->in[pos] == RAD_MESSAGE_AUTHENTIC) {
 			if (len - pos < MD5_DIGEST_LENGTH + 2) {
 				HMAC_CTX_free(hctx);