git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Arne Schwabe <arne@rfc2549.org>
	Wed, 15 Mar 2023 19:55:12 +0000 (20:55 +0100)
committer	Gert Doering <gert@greenie.muc.de>
	Wed, 15 Mar 2023 20:45:14 +0000 (21:45 +0100)
commit	e8ecaadd2ac38f2c2d4bcd40eeaea7401aa737a1
tree	edd778843bda6dd9a6b45bfc9435a5c2c149ec10	tree \| snapshot
parent	b7cf18f750f2a020032e09b6c4184579896876ee	commit \| diff

Fix memory leaks in HMAC initial packet generation

The HMAC leaks are just forgotten frees/deinitialisations.

tls_wrap_control() will sometimes return the original buffer (non
tls-crypt) and sometimes tls_wrap.work, so handling this buffer lifetime
is a bit more complicated. Instead of further complicating that code
just give our work buffer the same lifetime as the other one inside
tls_wrap.work (put it into per-session gc_arena) as that is also more
consistent.

Second, packet_id_init() allocates a buffer with malloc and not using a
gc_arena, so we need to also manually free it.

Patch v2: add missing deallocations in unit tests of the new workbuf
Patch v3: remove useless allocation of 0 size buffer in
tls_auth_standalone_init

Found-By: clang with asan
Change-Id: I0cff44f79ee7e3bcf7b5981fc94f469c15f21af3
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230315195512.323070-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/
Signed-off-by: Gert Doering <gert@greenie.muc.de>

src/openvpn/init.c		diff \| blob \| blame \| history
src/openvpn/ssl.c		diff \| blob \| blame \| history
src/openvpn/ssl.h		diff \| blob \| blame \| history
src/openvpn/ssl_pkt.c		diff \| blob \| blame \| history
src/openvpn/ssl_pkt.h		diff \| blob \| blame \| history
tests/unit_tests/openvpn/test_pkt.c		diff \| blob \| blame \| history