Fix some double free errors. While around, adjust a log message.

ok ho@

1 files changed, 23 insertions, 7 deletions

diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c
index 930cf0f55ed..6b237e1c618 100644
--- a/sbin/isakmpd/ike_quick_mode.c
+++ b/sbin/isakmpd/ike_quick_mode.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ike_quick_mode.c,v 1.71 2004/01/16 10:51:57 hshoexer Exp $	*/
+/*	$OpenBSD: ike_quick_mode.c,v 1.72 2004/02/20 09:46:56 hshoexer Exp $	*/
 /*	$EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $	*/
 
 /*
@@ -1163,12 +1163,18 @@ initiator_recv_HASH_SA_NONCE (struct message *msg)
 
       if (!ie->id_ci || !ie->id_cr)
 	{
-	  log_error ("initiator_recv_HASH_SA_NONCE: malloc (%lu) failed",
-		     (unsigned long)ie->id_cr_sz);
+	  log_error ("initiator_recv_HASH_SA_NONCE: calloc (%lu, %lu) failed",
+		     (unsigned long)ie->id_cr_sz, (unsigned long)sizeof (char));
 	  if (ie->id_ci)
-	    free (ie->id_ci);
+	    {
+	      free (ie->id_ci);
+	      ie->id_ci = 0;
+	    }
 	  if (ie->id_cr)
-	    free (ie->id_cr);
+	    {
+	      free (ie->id_cr);
+	      ie->id_cr = 0;
+	    }
 	  return -1;
 	}
 
@@ -1176,7 +1182,9 @@ initiator_recv_HASH_SA_NONCE (struct message *msg)
 	{
 	  log_error ("initiator_recv_HASH_SA_NONCE: sa_family mismatch");
 	  free (ie->id_ci);
+	  ie->id_ci = 0;
 	  free (ie->id_cr);
+	  ie->id_cr = 0;
 	  return -1;
 	}
 
@@ -1196,7 +1204,9 @@ initiator_recv_HASH_SA_NONCE (struct message *msg)
 	  log_error ("initiator_recv_HASH_SA_NONCE: unknown sa_family %d",
 		     src->sa_family);
 	  free (ie->id_ci);
+	  ie->id_ci = 0;
 	  free (ie->id_cr);
+	  ie->id_cr = 0;
 	  return -1;
 	}
       memcpy (ie->id_ci + ISAKMP_ID_DATA_OFF, sockaddr_addrdata (src),
@@ -1750,9 +1760,15 @@ cleanup:
   if (my_hash)
     free (my_hash);
   if (ie->id_ci)
-    free (ie->id_ci);
+    {
+      free (ie->id_ci);
+      ie->id_ci = 0;
+    }
   if (ie->id_cr)
-    free (ie->id_cr);
+    {
+      free (ie->id_cr);
+      ie->id_cr = 0;
+    }
   return -1;
 }