ssl_verify: Fix memleak if creating deferred auth control files fails
authorDavid Sommerseth <davids@openvpn.net>
Thu, 15 Dec 2022 19:01:37 +0000 (20:01 +0100)
committerGert Doering <gert@greenie.muc.de>
Fri, 16 Dec 2022 07:50:54 +0000 (08:50 +0100)
If the key_state_gen_auth_control_files() call fails, the code would
just return without freeing the argv container.  Instead the code should
jump to an appropriate exit point where memory is being released.

Also adjust the related comment, to indicate that these deferred auth
control files are really pre-created.

Signed-off-by: David Sommerseth <davids@openvpn.net>
Reported-by: Trail of Bits (TOB-OVPN-2)
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20221215190143.2107896-3-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25737.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 0567da5377704cf64bd2599f2d49aa478d386941)

src/openvpn/ssl_verify.c

index 76cb9f19b0dd3026b15dbb1df45166fa2ef179a3..228cf16e1adb54c3875401caede346ad890f8999 100644 (file)
@@ -1358,12 +1358,13 @@ verify_user_pass_script(struct tls_session *session, struct tls_multi *multi,
         setenv_str(session->opt->es, "password", up->password);
     }
 
-    /* generate filename for deferred auth control file */
+    /* pre-create files for deferred auth control */
     if (!key_state_gen_auth_control_files(&ks->script_auth, session->opt))
     {
         msg(D_TLS_ERRORS, "TLS Auth Error (%s): "
             "could not create deferred auth control file", __func__);
-        return OPENVPN_PLUGIN_FUNC_ERROR;
+        retval = OPENVPN_PLUGIN_FUNC_ERROR;
+        goto error;
     }
 
     /* call command */
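Review bot: The new `goto error;` lands on the `error:` label that the second hunk places after the `done:` block, so this failure path skips the `platform_unlink(tmp_file)` cleanup visible there. If `tmp_file` has already been created by the time `key_state_gen_auth_control_files()` fails, it would be left on disk. That part of `verify_user_pass_script` is outside the hunk, but the file presumably carries the username and password when credentials are handed to the script via file. Unless the unlink must be bypassed for a reason not shown here, `goto done;` would free `argv` and `gc` as well and remove the need for the extra label. The `password` entry set in `session->opt->es` just above also survives this path, so it is worth confirming that the caller clears it on error.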
@@ -1412,6 +1413,7 @@ done:
         platform_unlink(tmp_file);
     }
 
+error:
     argv_free(&argv);
     gc_free(&gc);
     return retval;