authortobhe <tobhe@cvs.openbsd.org>2020-04-08 20:04:20 +0000
committertobhe <tobhe@cvs.openbsd.org>2020-04-08 20:04:20 +0000
commitfd5d15cab6d9936926337ebb76ea3ce2598790ce (patch)
tree6a09d23c364a6051c2cf1529bd279b382f68b6a8 /sbin/iked
parent201287c99756a195213b7a8f685b7e6b08c7ba8b (diff)
Prevent multiple ibuf leaks. Clean up on process shutdown.
ok markus@
Diffstat (limited to 'sbin/iked')
-rw-r--r--sbin/iked/ca.c21
-rw-r--r--sbin/iked/crypto.c3
-rw-r--r--sbin/iked/iked.h4
-rw-r--r--sbin/iked/ikev2.c13
-rw-r--r--sbin/iked/ikev2_pld.c5
-rw-r--r--sbin/iked/proc.c4
6 files changed, 42 insertions, 8 deletions
diff --git a/sbin/iked/ca.c b/sbin/iked/ca.c
index a211215569b..ff078179e08 100644
--- a/sbin/iked/ca.c
+++ b/sbin/iked/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.57 2020/04/07 18:52:57 tobhe Exp $ */
+/* $OpenBSD: ca.c,v 1.58 2020/04/08 20:04:19 tobhe Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -47,6 +47,7 @@
#include "ikev2.h"
void ca_run(struct privsep *, struct privsep_proc *, void *);
+void ca_shutdown(struct privsep_proc *);
void ca_reset(struct privsep *);
int ca_reload(struct iked *);
@@ -117,6 +118,23 @@ ca_run(struct privsep *ps, struct privsep_proc *p, void *arg)
fatal("%s: failed to allocate cert store", __func__);
env->sc_priv = store;
+ p->p_shutdown = ca_shutdown;
+}
+
+void
+ca_shutdown(struct privsep_proc *p)
+{
+ struct iked *env = p->p_env;
+ struct ca_store *store;
+
+ if (env == NULL)
+ return;
+ ibuf_release(env->sc_certreq);
+ if ((store = env->sc_priv) == NULL)
+ return;
+ ibuf_release(store->ca_pubkey.id_buf);
+ ibuf_release(store->ca_privkey.id_buf);
+ free(store);
}
void
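Review bot: `ca_shutdown` frees `store` and releases `env->sc_certreq` but leaves both `env->sc_priv` and `env->sc_certreq` pointing at freed memory, whereas `ikev2_shutdown` in the same commit nulls `sc_certreq` right after releasing it. Nothing visible in this hunk runs after the hook, so this is not an observable use-after-free here, but the two hooks should follow one convention; add `env->sc_certreq = NULL;` after the first release and `env->sc_priv = NULL;` after `free(store);`. Note that only the two `id_buf` members of `struct ca_store` are released; anything else the store owns (its definition is outside this hunk) would still be reported as leaked at shutdown. A one-line comment above the function, e.g. `/* Release per-process CA state; called once from proc_shutdown() */`, would also help.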
@@ -618,6 +636,7 @@ ca_getauth(struct iked *env, struct imsg *imsg)
ret = ca_setauth(env, &sa, sa.sa_localauth.id_buf, PROC_IKEV2);
ibuf_release(sa.sa_localauth.id_buf);
+ sa.sa_localauth.id_buf = NULL;
ibuf_release(authmsg);
return (ret);
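Review bot: The added `sa.sa_localauth.id_buf = NULL;` is only meaningful if `sa` is read after this point, and the function returns two lines later, so it matters only when `sa` outlives `ca_getauth`; its declaration is outside the hunk, so that cannot be confirmed here. If `sa` is a local, the store is dead and can be dropped; if it persists, a short comment explaining which later cleanup it protects would make the intent clear, e.g. `/* released above; clear so a later sa cleanup cannot double-free it */`. ca_getauth's body begins outside the hunk.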
diff --git a/sbin/iked/crypto.c b/sbin/iked/crypto.c
index 15b1f44211c..945bf04666b 100644
--- a/sbin/iked/crypto.c
+++ b/sbin/iked/crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.c,v 1.23 2020/02/14 13:02:31 tobhe Exp $ */
+/* $OpenBSD: crypto.c,v 1.24 2020/04/08 20:04:19 tobhe Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -401,6 +401,7 @@ cipher_free(struct iked_cipher *encr)
EVP_CIPHER_CTX_cleanup(encr->encr_ctx);
free(encr->encr_ctx);
}
+ ibuf_release(encr->encr_iv);
ibuf_release(encr->encr_key);
free(encr);
}
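Review bot: `encr->encr_key` holds cipher key material and `encr_iv` the matching IV; `ibuf_release()` frees both, but unless its implementation zeroes the data before `free()` (not visible in this hunk) the key bytes remain readable in freed heap memory, which is a common post-mortem/core-dump leak for a key daemon. Prefer clearing the buffer contents with `explicit_bzero` on the ibuf's data before each release, or a zeroing variant of the release routine, for both buffers. cipher_free's body begins outside the hunk, so a NULL guard on `encr` may already exist above the `EVP_CIPHER_CTX_cleanup` block.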
diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h
index 1d19305fa78..598e82d0157 100644
--- a/sbin/iked/iked.h
+++ b/sbin/iked/iked.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: iked.h,v 1.140 2020/04/02 19:44:41 tobhe Exp $ */
+/* $OpenBSD: iked.h,v 1.141 2020/04/08 20:04:19 tobhe Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -647,7 +647,7 @@ struct privsep_proc {
const char *p_chroot;
struct privsep *p_ps;
struct iked *p_env;
- void (*p_shutdown)(void);
+ void (*p_shutdown)(struct privsep_proc *);
unsigned int p_instance;
};
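Review bot: The `p_shutdown` hook now receives the process record but the struct carries no comment on what the hook is for or when it runs; proc.c in this commit calls it from `proc_shutdown()` before `proc_close()`. Add a trailing comment on the member, `void (*p_shutdown)(struct privsep_proc *); /* per-process cleanup, run by proc_shutdown() before proc_close() */`, and state whether `p_env` may be NULL when the hook runs, since `ca_shutdown` guards for that and `ikev2_shutdown` does not. struct privsep_proc begins outside the hunk.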
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index b41303a6a25..4074ea549b8 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.211 2020/04/05 13:52:14 tobhe Exp $ */
+/* $OpenBSD: ikev2.c,v 1.212 2020/04/08 20:04:19 tobhe Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -55,6 +55,7 @@ void ikev2_log_proposal(struct iked_sa *, struct iked_proposals *);
void ikev2_log_cert_info(const char *, struct iked_id *);
void ikev2_run(struct privsep *, struct privsep_proc *, void *);
+void ikev2_shutdown(struct privsep_proc *);
int ikev2_dispatch_parent(int, struct privsep_proc *, struct imsg *);
int ikev2_dispatch_cert(int, struct privsep_proc *, struct imsg *);
int ikev2_dispatch_control(int, struct privsep_proc *, struct imsg *);
@@ -189,10 +190,20 @@ ikev2_run(struct privsep *ps, struct privsep_proc *p, void *arg)
* recvfd - for PFKEYv2 and the listening UDP sockets.
* In theory, recvfd could be dropped after getting the fds once.
*/
+ p->p_shutdown = ikev2_shutdown;
if (pledge("stdio inet recvfd", NULL) == -1)
fatal("pledge");
}
+void
+ikev2_shutdown(struct privsep_proc *p)
+{
+ struct iked *env = p->p_env;
+
+ ibuf_release(env->sc_certreq);
+ env->sc_certreq = NULL;
+}
+
int
ikev2_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
{
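Review bot: `ikev2_shutdown` dereferences `p->p_env` unconditionally while `ca_shutdown` in the same commit checks `env == NULL` first; either `p_env` is guaranteed to be set for every process by the time `proc_shutdown()` runs, in which case the ca.c guard is noise, or this hook needs the same guard, `if (env == NULL) return;`. Pick one convention and apply it to both hooks. The commit message says this cleans up on process shutdown, yet this hook releases only `sc_certreq`; any other ibufs the ikev2 process owns in `struct iked` would still be reported as leaks at exit, which is worth checking even though their declarations are outside this hunk. A one-line comment such as `/* Release per-process ikev2 state; called once from proc_shutdown() */` would document the hook's scope.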
diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c
index f90a94a99bf..b542dfafbba 100644
--- a/sbin/iked/ikev2_pld.c
+++ b/sbin/iked/ikev2_pld.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2_pld.c,v 1.80 2020/04/02 19:44:41 tobhe Exp $ */
+/* $OpenBSD: ikev2_pld.c,v 1.81 2020/04/08 20:04:19 tobhe Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -719,6 +719,7 @@ ikev2_pld_id(struct iked *env, struct ikev2_payload *pld,
return (-1);
if (ikev2_print_id(&idb, idstr, sizeof(idstr)) == -1) {
+ ibuf_release(idb.id_buf);
log_debug("%s: malformed id", __func__);
return (-1);
}
@@ -732,12 +733,14 @@ ikev2_pld_id(struct iked *env, struct ikev2_payload *pld,
if (!((sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDr) ||
(!sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDi))) {
+ ibuf_release(idb.id_buf);
log_debug("%s: unexpected id payload", __func__);
return (0);
}
idp = &msg->msg_parent->msg_id;
if (idp->id_type) {
+ ibuf_release(idb.id_buf);
log_debug("%s: duplicate id payload", __func__);
return (-1);
}
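Review bot: `ikev2_pld_id` now has three early-return paths that each have to remember `ibuf_release(idb.id_buf)`, and the next check added to this function is likely to miss it; the releases themselves are correct, including the pre-existing asymmetry that the "unexpected id payload" path returns 0 while "duplicate id payload" returns -1. A single cleanup label with a `ret` variable would make the ownership of `idb.id_buf` explicit: every failure path jumps to it, and only the success path (which presumably hands the buffer to `*idp`, outside this hunk) skips it. The function's head and tail are outside the hunk, so the label placement and the `ret` declaration need adjusting to the real exit.
```c
	if (!((sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDr) ||
	    (!sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDi))) {
		log_debug("%s: unexpected id payload", __func__);
		ret = 0;
		goto fail;
	}

	idp = &msg->msg_parent->msg_id;
	if (idp->id_type) {
		log_debug("%s: duplicate id payload", __func__);
		ret = -1;
		goto fail;
	}
	/* … unchanged: success path, idb.id_buf handed over to *idp … */
 fail:
	ibuf_release(idb.id_buf);
	return (ret);
```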
diff --git a/sbin/iked/proc.c b/sbin/iked/proc.c
index 1602f0fe275..55d556db9ea 100644
--- a/sbin/iked/proc.c
+++ b/sbin/iked/proc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: proc.c,v 1.31 2018/08/06 06:30:06 mestre Exp $ */
+/* $OpenBSD: proc.c,v 1.32 2020/04/08 20:04:19 tobhe Exp $ */
/*
* Copyright (c) 2010 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -292,7 +292,7 @@ proc_shutdown(struct privsep_proc *p)
struct privsep *ps = p->p_ps;
if (p->p_shutdown != NULL)
- (*p->p_shutdown)();
+ (*p->p_shutdown)(p);
proc_close(ps);