From db52b6df6915d38a269bf68767faefd9cebf33bb Mon Sep 17 00:00:00 2001 From: Steffan Karger Date: Wed, 16 Aug 2017 19:04:50 +0200 Subject: [PATCH] tls-crypt: don't leak memory for incorrect tls-crypt messages If tls_crypt_unwrap() failed, we would jump to cleanup and forget to free the buffer. Instead, allocate the buffer through gc, which is free'd in the cleanup section. Signed-off-by: Steffan Karger Acked-by: David Sommerseth Message-Id: <20170816170450.10415-1-steffan@karger.me> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15282.html Signed-off-by: David Sommerseth (cherry picked from commit fca89379c53fe2c145db96a5bcd32327c4bcfa78) --- src/openvpn/ssl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index bbc117c6d..0739cf7c1 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1534,7 +1534,7 @@ read_control_auth(struct buffer *buf, } else if (ctx->mode == TLS_WRAP_CRYPT) { - struct buffer tmp = alloc_buf(buf_forward_capacity_total(buf)); + struct buffer tmp = alloc_buf_gc(buf_forward_capacity_total(buf), &gc); if (!tls_crypt_unwrap(buf, &tmp, &ctx->opt)) { msg(D_TLS_ERRORS, "TLS Error: tls-crypt unwrapping failed from %s", @@ -1543,7 +1543,7 @@ read_control_auth(struct buffer *buf, } ASSERT(buf_init(buf, buf->offset)); ASSERT(buf_copy(buf, &tmp)); - free_buf(&tmp); + buf_clear(&tmp); } if (ctx->mode == TLS_WRAP_NONE || ctx->mode == TLS_WRAP_AUTH) -- 2.47.2