author | Arne Schwabe | 2023-03-15 20:55:12 +0100 |
---|---|---|
committer | Gert Doering | 2023-03-15 21:46:29 +0100 |
commit | 0942e1575abbc0bdda62e3158827b130ae3f9ab6 (patch) | |
tree | eb265f314aa12946f00aee107823fd849b90b5e0 /src/openvpn/ssl.c | |
parent | 1e954cefa0941439ca09598b6131203b975950f8 (diff) | |
download | openvpn-0942e1575abbc0bdda62e3158827b130ae3f9ab6.zip openvpn-0942e1575abbc0bdda62e3158827b130ae3f9ab6.tar.gz |
Fix memory leaks in HMAC initial packet generation

The HMAC leaks are just forgotten frees/deinitialisations.

tls_wrap_control() will sometimes return the original buffer (non
tls-crypt) and sometimes tls_wrap.work, so handling this buffer lifetime
is a bit more complicated. Instead of further complicating that code
just give our work buffer the same lifetime as the other one inside
tls_wrap.work (put it into per-session gc_arena) as that is also more
consistent.

Second, packet_id_init() allocates a buffer with malloc and not using a
gc_arena, so we need to also manually free it.

Patch v2: add missing deallocations in unit tests of the new workbuf

Patch v3: remove useless allocation of 0 size buffer in
tls_auth_standalone_init

Found-By: clang with asan

Change-Id: I0cff44f79ee7e3bcf7b5981fc94f469c15f21af3
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230315195512.323070-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit e8ecaadd2ac38f2c2d4bcd40eeaea7401aa737a1)

Diffstat (limited to 'src/openvpn/ssl.c')
-rw-r--r-- | src/openvpn/ssl.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 78cec90..fe6390f 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1361,6 +1361,17 @@ tls_auth_standalone_init(struct tls_options *tls_options, return tas; } +void +tls_auth_standalone_free(struct tls_auth_standalone *tas) +{ + if (!tas) + { + return; + } + + packet_id_free(&tas->tls_wrap.opt.packet_id); +} + /* * Set local and remote option compatibility strings. * Used to verify compatibility of local and remote option |
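
Review bot: tls_auth_standalone_free() is added without a comment saying what it actually releases, and the name promises more than the body does: it only calls packet_id_free(&tas->tls_wrap.opt.packet_id) and leaves tas itself and every other member of tls_wrap untouched. A short doc comment above the function should state that it frees only the malloc'ed packet_id state and that the struct and the work buffer are owned elsewhere (the commit message puts the work buffer in a gc_arena), so a caller neither leaks tas by assuming this function frees it nor frees it a second time. It would also help to say whether calling it twice on the same tas is safe, since the NULL check on tas covers a missing object but nothing in the hunk marks the packet_id as already released.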