diff options
author | tobhe <tobhe@cvs.openbsd.org> | 2021-01-31 17:15:39 +0000 |
---|---|---|
committer | tobhe <tobhe@cvs.openbsd.org> | 2021-01-31 17:15:39 +0000 |
commit | ff1aaca23bdae281991e76309bc48bf94ac5afc3 (patch) | |
tree | 9859c6a7cac12b5039df8a9d378c1743fea8a14d /sbin/iked | |
parent | 93b7c0f7d82d173efe2f9ef92b5cfa7fcdf7263d (diff) |
Don't leak flows if ikev2_cp_fixflow() fails.
ok patrick@
Diffstat (limited to 'sbin/iked')
-rw-r--r-- | sbin/iked/ikev2.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c index 94b6c6af415..1d7a63d2b9d 100644 --- a/sbin/iked/ikev2.c +++ b/sbin/iked/ikev2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2.c,v 1.298 2021/01/23 21:35:48 tobhe Exp $ */ +/* $OpenBSD: ikev2.c,v 1.299 2021/01/31 17:15:38 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de> @@ -5929,8 +5929,10 @@ ikev2_childsa_negotiate(struct iked *env, struct iked_sa *sa, flowa->flow_local = &sa->sa_local; flowa->flow_peer = &sa->sa_peer; flowa->flow_ikesa = sa; - if (ikev2_cp_fixflow(sa, flow, flowa) == -1) + if (ikev2_cp_fixflow(sa, flow, flowa) == -1) { + flow_free(flowa); continue; + } skip = 0; TAILQ_FOREACH(saflow, &sa->sa_flows, flow_entry) { @@ -5957,8 +5959,11 @@ ikev2_childsa_negotiate(struct iked *env, struct iked_sa *sa, sizeof(flow->flow_dst)); memcpy(&flowb->flow_dst, &flow->flow_src, sizeof(flow->flow_src)); - if (ikev2_cp_fixflow(sa, flow, flowb) == -1) + if (ikev2_cp_fixflow(sa, flow, flowb) == -1) { + flow_free(flowa); + flow_free(flowb); continue; + } TAILQ_INSERT_TAIL(&sa->sa_flows, flowa, flow_entry); TAILQ_INSERT_TAIL(&sa->sa_flows, flowb, flow_entry); |