Ticket #685 (new defect)

Opened 5 months ago

Last modified 5 months ago

aircrack-ng gets SIGKILL with WEP dictionary attack

Reported by: anonymous
Owned by:
Priority: major
Milestone: 1.1
Component: aircrack-ng
Version: trunk
Keywords: SIGKILL
Cc:

Description

Aircrack-ng 1.0 rc4 r1623 from SVN running on Linux 2.6.31 x64 (Debian Lenny) receives a SIGKILL during a hex wordlist attack. It appears that aircrack-ng continues to allocate memory until the system is exhausted, then dies, having observed memory usage in top.

user@romic:~/Wireless$ ls -l dictionary.hex 
-rw-r--r-- 1 user user 531000000 2009-10-02 02:43 dictionary.hex
user@romic:~/Wireless$ wc -l dictionary.hex 
35400000 dictionary.hex
user@romic:~/Wireless$ head -n 5 dictionary.hex 
07:30:00:00:00
07:30:00:00:01
07:30:00:00:02
07:30:00:00:03
07:30:00:00:04
user@romic:~/Wireless$
user@romic:~/Wireless$ aircrack-ng -a 1 -n 64 -w h:dictionary.hex packets.dump

                                 Aircrack-ng 1.0 rc4 r1623


                 [00:02:11] Tested 3614467 keys (got 323 IVs)

   KB    depth   byte(vote)
    0    0/  0   00(   0) 00(   0) 00(   0) 00(   0) 00(   0) 
    1    0/  0   00(   0) 00(   0) 00(   0) 00(   0) 00(   0) 
    2    0/  0   00(   0) 00(   0) 00(   0) 00(   0) 00(   0) 
    3    0/  0   00(   0) 00(   0) 00(   0) 00(   0) 00(   0) 
    4    0/  0   00(   0) 00(   0) 00(   0) 00(   0) 00(   0) 

Killed
user@romic:~/Wireless$ 

I am currently trying to determine the cause of the problem in the src but help/a solution would be appreciated.

Ta

Attachments

aircrack-ng_fix_685.patch Download (351 bytes) - added by anonymous 5 months ago.
Patch file to fix memory leak bug

Change History

Changed 5 months ago by anonymous

Well that took a long time to solve.

In function next_key:

aircrack_ng.c:4201   tmp2 = tmp = (char*) malloc(1024);
aircrack_ng.c:4302   free(tmp);

However, tmp gets set to NULL at some point between the alloc and free, resulting in the free function doing nothing. The solution is to free(tmp2).

Patch file attached.

Changed 5 months ago by anonymous

Patch file to fix memory leak bug
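
The leak described in the change history, reduced to a stand-alone C program (an added example, not the aircrack-ng source or the attached patch). The `next_field` tokenizer, the counting `xalloc`/`xfree` wrappers and the `fixed` switch are hypothetical; the ticket does not say what sets `tmp` to NULL, so a strsep-style cursor is assumed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static long live_blocks; /* allocations not yet released */

static void *xalloc(size_t n) { void *p = malloc(n); if (p) live_blocks++; return p; }
static void xfree(void *p) { if (p) { live_blocks--; free(p); } } /* free(NULL) is a no-op */

/* Assumed strsep-style cursor: returns the field, sets *cur to NULL after the last one. */
static char *next_field(char **cur) {
    char *start = *cur, *sep;
    if (!start) return NULL;
    sep = strchr(start, ':');
    if (sep) { *sep = '\0'; *cur = sep + 1; } else { *cur = NULL; }
    return start;
}

/* Parse one "07:30:00:00:04" line into key[]; returns bytes stored, -1 on allocation failure. */
static int parse_hex_key(const char *line, unsigned char *key, size_t max, int fixed) {
    char *tmp, *tmp2, *field;
    int n = 0;
    tmp2 = tmp = xalloc(1024);           /* same shape as the line quoted in the ticket */
    if (!tmp) return -1;
    snprintf(tmp, 1024, "%s", line);
    while ((field = next_field(&tmp)) != NULL)
        if ((size_t)n < max) key[n++] = (unsigned char)strtoul(field, NULL, 16);
    /* tmp is NULL here, so releasing through it frees nothing; tmp2 still owns the block. */
    xfree(fixed ? tmp2 : tmp);
    return n;
}

/* Parse `count` constructed dictionary lines; return how many blocks were never freed. */
static long leaked_after(int count, int fixed) {
    unsigned char key[5];
    char line[32];
    long before = live_blocks;
    for (int i = 0; i < count; i++) {
        snprintf(line, sizeof line, "07:30:00:00:%02x", (unsigned)(i & 0xff));
        parse_hex_key(line, key, sizeof key, fixed);
    }
    return live_blocks - before;
}

int main(void) {
    printf("free(tmp):  %ld blocks leaked\n", leaked_after(1000, 0));
    printf("free(tmp2): %ld blocks leaked\n", leaked_after(1000, 1));
    return 0;
}
```

The leaked count grows by one 1024-byte block per dictionary line when the advanced cursor is freed, and stays at zero when the saved base pointer is freed.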
