diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2023-03-28 16:32:43 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2023-03-28 16:32:43 +0000 |
| commit | e0669acc3be84a458a61a7c70ea61e5ecdbd61e9 (patch) | |
| tree | 7c4e0f2237fb2a93cbc54af424036983123a4008 | |
| parent | ad2f46ed1ac24e725ba03ce610ec60330714ae90 (diff) | |
Avoid double free in isakmpd
In the unlikely event that EC_KEY_check_key() in ec_init() fails,
group->ec would be freed first in ec_init() then in group_free().
Same problem was fixed in iked/dh.c r1.31 (where it originally came
from).
ok jsg mbuhl
| -rw-r--r-- | sbin/isakmpd/dh.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/sbin/isakmpd/dh.c b/sbin/isakmpd/dh.c index ac436797e59..78d9e491015 100644 --- a/sbin/isakmpd/dh.c +++ b/sbin/isakmpd/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.25 2022/01/14 09:19:19 tb Exp $ */ +/* $OpenBSD: dh.c,v 1.26 2023/03/28 16:32:42 tb Exp $ */ /* * Copyright (c) 2010-2014 Reyk Floeter <reyk@openbsd.org> @@ -420,10 +420,8 @@ ec_init(struct group *group) return (-1); if (!EC_KEY_generate_key(group->ec)) return (-1); - if (!EC_KEY_check_key(group->ec)) { - EC_KEY_free(group->ec); + if (!EC_KEY_check_key(group->ec)) return (-1); - } return (0); } |