path: root/src/openvpn/ssl.c
author: Arne Schwabe, 2023-03-15 20:55:12 +0100
committer: Gert Doering, 2023-03-15 21:46:29 +0100
commit: 0942e1575abbc0bdda62e3158827b130ae3f9ab6
tree: eb265f314aa12946f00aee107823fd849b90b5e0 /src/openvpn/ssl.c
parent: 1e954cefa0941439ca09598b6131203b975950f8
Fix memory leaks in HMAC initial packet generation

The HMAC leaks are just forgotten frees/deinitialisations.

tls_wrap_control() will sometimes return the original buffer (non tls-crypt) and sometimes tls_wrap.work, so handling this buffer lifetime is a bit more complicated. Instead of further complicating that code just give our work buffer the same lifetime as the other one inside tls_wrap.work (put it into per-session gc_arena) as that is also more consistent.

Second, packet_id_init() allocates a buffer with malloc and not using a gc_arena, so we need to also manually free it.

Patch v2: add missing deallocations in unit tests of the new workbuf
Patch v3: remove useless allocation of 0 size buffer in tls_auth_standalone_init

Found-By: clang with asan
Change-Id: I0cff44f79ee7e3bcf7b5981fc94f469c15f21af3
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230315195512.323070-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit e8ecaadd2ac38f2c2d4bcd40eeaea7401aa737a1)

Diffstat (limited to 'src/openvpn/ssl.c')
-rw-r--r-- src/openvpn/ssl.c 11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 78cec90..fe6390f 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1361,6 +1361,17 @@ tls_auth_standalone_init(struct tls_options *tls_options,
return tas;
}
+void
+tls_auth_standalone_free(struct tls_auth_standalone *tas)
+{
+ if (!tas)
+ {
+ return;
+ }
+
+ packet_id_free(&tas->tls_wrap.opt.packet_id);
+}
+
/*
* Set local and remote option compatibility strings.
* Used to verify compatibility of local and remote option
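
Review bot: tls_auth_standalone_free() has no comment describing what it owns, and despite its name the body releases only the packet_id state (packet_id_free(&tas->tls_wrap.opt.packet_id)); it never frees tas itself or the tls_wrap work buffer. The commit message explains why (those live in a gc_arena, while packet_id_init() uses malloc), but that reasoning is not visible at the function. Please add a doc comment above the function stating that the struct and work buffer are released with the arena and that this call only undoes packet_id_init(), so a later caller neither adds a second free of the struct nor assumes this call is a full teardown. It would also help to say whether calling it twice on the same tas is safe, since the check at the top guards only a NULL pointer, not a repeated call.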