author | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2024-07-18 08:59:00 +0000 |
---|---|---|
committer | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2024-07-18 08:59:00 +0000 |
commit | 767e53a04d61692f59dcb5bf7812c435b61641dd (patch) | |
tree | 9e4e8162651457acabbf8db30641efe084277c76 | |
parent | 4f71a44d4a0e0358989483194687970d1a11e9f4 (diff) |
Fix memory leaks and improve id handling of iked_radserver_req.
original diff from markus
ok tobhe
-rw-r--r-- | sbin/iked/radius.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/sbin/iked/radius.c b/sbin/iked/radius.c
index ab2e6fb1ed6..61e9b05a19b 100644
--- a/sbin/iked/radius.c
+++ b/sbin/iked/radius.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: radius.c,v 1.7 2024/07/13 14:28:27 yasuoka Exp $ */
+/* $OpenBSD: radius.c,v 1.8 2024/07/18 08:58:59 yasuoka Exp $ */
 /*
 * Copyright (c) 2024 Internet Initiative Japan Inc.
@@ -177,6 +177,7 @@ iked_radius_on_event(int fd, short ev, void *ctx)
 if (req == NULL) {
 log_debug("%s: received an unknown RADIUS message: id=%u", __func__, (unsigned)resid);
+ radius_delete_packet(pkt);
 return;
 }
@@ -184,6 +185,7 @@ iked_radius_on_event(int fd, short ev, void *ctx)
 if (radius_check_response_authenticator(pkt, server->rs_secret) != 0) {
 log_info("%s: received an invalid RADIUS message: bad " "response authenticator", __func__);
+ radius_delete_packet(pkt);
 return;
 }
 if (req->rr_accounting) {
@@ -200,6 +202,7 @@ iked_radius_on_event(int fd, short ev, void *ctx)
 TAILQ_REMOVE(&server->rs_reqs, req, rr_entry);
 req->rr_server = NULL;
 free(req);
+ radius_delete_packet(pkt);
 return;
 }
@@ -207,6 +210,7 @@ iked_radius_on_event(int fd, short ev, void *ctx)
 if (radius_check_message_authenticator(pkt, server->rs_secret) != 0) {
 log_info("%s: received an invalid RADIUS message: bad " "message authenticator", __func__);
+ radius_delete_packet(pkt);
 return;
 }
@@ -314,10 +318,14 @@ iked_radius_on_event(int fd, short ev, void *ctx)
 log_info("%s: failed to retrieve the EAP message", __func__);
 goto fail;
 }
+ radius_delete_packet(pkt);
 ikev2_send_ike_e(env, req->rr_sa, e, IKEV2_PAYLOAD_EAP, IKEV2_EXCHANGE_IKE_AUTH, 1);
+ /* keep request for challenge state and config parameters */
+ req->rr_reqid = -1; /* release reqid */
 return;
 fail:
+ radius_delete_packet(pkt);
 if (req->rr_server != NULL)
 TAILQ_REMOVE(&server->rs_reqs, req, rr_entry);
 req->rr_server = NULL;
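Review bot: The early returns in iked_radius_on_event at the -177, -184, -200 and -207 hunks each carry their own copy of `radius_delete_packet(pkt);`, which is the same per-path pattern that produced the leak being fixed. The unknown-id and bad-response-authenticator paths run before or at the point where the datagram is checked against the shared secret, so a missed free there is memory growth that unauthenticated traffic can drive. Route them through a single exit, e.g. `goto done;` with `done: radius_delete_packet(pkt); return;`, kept separate from `fail:`, which also unlinks req. The code between these hunks is not shown; any other `return` in that range needs the same cleanup.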
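Review bot: `req->rr_reqid = -1;` in the -314 hunk is an in-band sentinel whose safety depends on the type of rr_reqid, which is declared outside this diff; in an 8-bit unsigned field it would be stored as 255 and collide with a valid RADIUS identifier. Confirm the field is a signed int and give the value a name, e.g. `#define RADIUS_REQID_NONE (-1)` (the name is only a suggestion), so this assignment and the `req0->rr_reqid == -1` test in iked_radius_request_send cannot drift apart. Separately, `radius_delete_packet(pkt)` now runs before `ikev2_send_ike_e(..., e, ...)`, which is safe only if `e` holds its own copy of the EAP attribute rather than pointing into pkt; the code that fills `e` is above the hunk. The function body starts and ends outside the hunk.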
@@ -416,8 +424,10 @@ iked_radius_request_send(struct iked *env, void *ctx)
 if (req->rr_ntry == 0) {
 /* decide the ID */
 seq = ++server->rs_reqseq;
- for (i = 0; i < UCHAR_MAX; i++) {
+ for (i = 0; i <= UCHAR_MAX; i++) {
 TAILQ_FOREACH(req0, &server->rs_reqs, rr_entry) {
+ if (req0->rr_reqid == -1)
+ continue;
 if (req0->rr_reqid == seq)
 break;
 }
@@ -425,7 +435,7 @@ iked_radius_request_send(struct iked *env, void *ctx)
 break;
 seq++;
 }
- if (i >= UCHAR_MAX) {
+ if (i > UCHAR_MAX) {
 log_info("%s: RADIUS server %s failed. Too many " "pending requests", __func__, print_addr(&server->rs_sockaddr)); |
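Review bot: The widened bound `i <= UCHAR_MAX` in iked_radius_request_send terminates only if `i` is wider than `unsigned char`, and the `seq++` probe visits all 256 identifiers only if `seq` wraps at 8 bits; both declarations are outside these hunks (this covers the -416 and -425 hunks together). If `seq` were an int, values above UCHAR_MAX would never equal any rr_reqid, would look free, and would presumably be truncated to the one-octet identifier on the wire, landing on an id that may still be pending so a response could be matched to the wrong request. Make the dependency explicit with a comment such as `/* i is int, seq is 8-bit: probes each of the 256 RADIUS identifiers once */`, or mask the probe with `seq = (seq + 1) & UCHAR_MAX;`.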