ikev2: Properly free DH secret in case of errors during IKE key derivation

author Tobias Brunner <tobias@strongswan.org>

Wed, 6 Nov 2013 09:20:48 +0000 (10:20 +0100)

committer Tobias Brunner <tobias@strongswan.org>

Wed, 6 Nov 2013 09:24:19 +0000 (10:24 +0100)
author Tobias Brunner <tobias@strongswan.org>
Wed, 6 Nov 2013 09:20:48 +0000 (10:20 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Wed, 6 Nov 2013 09:24:19 +0000 (10:24 +0100)
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c

index 4d0683f0a09be51c5100d4e53635f8eafc9f03ba..4a1e408053b1f760b36f96f662b9065538656739 100644 (file)
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -278,6 +278,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
         {
                 DBG1(DBG_IKE, "no %N selected",
                          transform_type_names, PSEUDO_RANDOM_FUNCTION);
+               chunk_clear(&secret);
                 return FALSE;
         }
         this->prf_alg = alg;
@@ -287,6 +288,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
                 DBG1(DBG_IKE, "%N %N not supported!",
                          transform_type_names, PSEUDO_RANDOM_FUNCTION,
                          pseudo_random_function_names, alg);
+               chunk_clear(&secret);
                 return FALSE;
         }
         DBG4(DBG_IKE, "shared Diffie Hellman secret %B", &secret);
@@ -339,6 +341,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
                 {
                         DBG1(DBG_IKE, "PRF of old SA %N not supported!",
                                  pseudo_random_function_names, rekey_function);
+                       chunk_clear(&secret);
                         chunk_free(&full_nonce);
                         chunk_free(&fixed_nonce);
                         chunk_clear(&prf_plus_seed);
author	Tobias Brunner <tobias@strongswan.org>
	Wed, 6 Nov 2013 09:20:48 +0000 (10:20 +0100)
committer	Tobias Brunner <tobias@strongswan.org>
	Wed, 6 Nov 2013 09:24:19 +0000 (10:24 +0100)