diff options
-rw-r--r-- | sbin/isakmpd/conf.c | 68 | ||||
-rw-r--r-- | sbin/isakmpd/connection.c | 11 | ||||
-rw-r--r-- | sbin/isakmpd/exchange.c | 32 | ||||
-rw-r--r-- | sbin/isakmpd/ike_auth.c | 23 | ||||
-rw-r--r-- | sbin/isakmpd/ike_phase_1.c | 17 | ||||
-rw-r--r-- | sbin/isakmpd/ike_quick_mode.c | 53 | ||||
-rw-r--r-- | sbin/isakmpd/ipsec.c | 94 | ||||
-rw-r--r-- | sbin/isakmpd/isakmp_cfg.c | 5 | ||||
-rw-r--r-- | sbin/isakmpd/math_2n.c | 5 | ||||
-rw-r--r-- | sbin/isakmpd/message.c | 41 | ||||
-rw-r--r-- | sbin/isakmpd/nat_traversal.c | 5 | ||||
-rw-r--r-- | sbin/isakmpd/pf_key_v2.c | 88 | ||||
-rw-r--r-- | sbin/isakmpd/policy.c | 23 | ||||
-rw-r--r-- | sbin/isakmpd/sa.c | 26 | ||||
-rw-r--r-- | sbin/isakmpd/udp.c | 14 | ||||
-rw-r--r-- | sbin/isakmpd/udp_encap.c | 8 | ||||
-rw-r--r-- | sbin/isakmpd/ui.c | 5 | ||||
-rw-r--r-- | sbin/isakmpd/vendor.c | 5 | ||||
-rw-r--r-- | sbin/isakmpd/virtual.c | 5 | ||||
-rw-r--r-- | sbin/isakmpd/x509.c | 35 |
20 files changed, 196 insertions, 367 deletions
diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c index 26a90d02a34..c72ae09b99a 100644 --- a/sbin/isakmpd/conf.c +++ b/sbin/isakmpd/conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.c,v 1.93 2007/02/19 09:43:34 hshoexer Exp $ */ +/* $OpenBSD: conf.c,v 1.94 2007/04/16 13:01:39 moritz Exp $ */ /* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */ /* @@ -185,18 +185,12 @@ conf_set_now(char *section, char *tag, char *value, int override, node->tag, node->value)); return 0; fail: - if (node->value) { - free(node->value); - node->value = NULL; - } - if (node->tag) { - free(node->tag); - node->tag = NULL; - } - if (node->section) { - free(node->section); - node->section = NULL; - } + free(node->value); + node->value = NULL; + free(node->tag); + node->tag = NULL; + free(node->section); + node->section = NULL; return 1; } @@ -221,8 +215,7 @@ conf_parse_line(int trans, char *line, int ln, size_t sz) for (i = 1; i < sz; i++) if (line[i] == ']') break; - if (section) - free(section); + free(section); if (i == sz) { log_print("conf_parse_line: %d:" "unmatched ']', ignoring until next section", ln); @@ -629,8 +622,7 @@ conf_reinit(void) return; fail: - if (new_conf_addr) - free(new_conf_addr); + free(new_conf_addr); close(fd); } @@ -760,12 +752,10 @@ conf_get_list(char *section, char *tag) return list; cleanup: - if (node) - free(node); + free(node); if (list) conf_free_list(list); - if (liststr) - free(liststr); + free(liststr); return 0; } @@ -796,8 +786,7 @@ conf_get_tag_list(char *section) return list; cleanup: - if (node) - free(node); + free(node); if (list) conf_free_list(list); return 0; @@ -810,8 +799,7 @@ conf_free_list(struct conf_list *list) while (node) { TAILQ_REMOVE(&list->fields, node, link); - if (node->field) - free(node->field); + free(node->field); free(node); node = TAILQ_FIRST(&list->fields); } @@ -873,12 +861,9 @@ conf_set(int transaction, char *section, char *tag, char *value, int override, return 0; fail: - if (node->tag) - free(node->tag); - if (node->section) - free(node->section); - if (node) - free(node); + free(node->tag); + free(node->section); + free(node); return 1; } @@ -904,10 +889,8 @@ conf_remove(int transaction, char *section, char *tag) return 0; fail: - if (node->section) - free(node->section); - if (node) - free(node); + free(node->section); + free(node); return 1; } @@ -929,8 +912,7 @@ conf_remove_section(int transaction, char *section) return 0; fail: - if (node) - free(node); + free(node); return 1; } @@ -962,12 +944,9 @@ conf_end(int transaction, int commit) "operation: %d", node->op); } TAILQ_REMOVE(&conf_trans_queue, node, link); - if (node->section) - free(node->section); - if (node->tag) - free(node->tag); - if (node->value) - free(node->value); + free(node->section); + free(node->tag); + free(node->value); free(node); } } @@ -1065,8 +1044,7 @@ mem_fail: log_error("conf_report: malloc/calloc failed"); while ((dnode = dumper) != 0) { dumper = dumper->next; - if (dnode->s) - free(dnode->s); + free(dnode->s); free(dnode); } } diff --git a/sbin/isakmpd/connection.c b/sbin/isakmpd/connection.c index 3ac3deac7a9..f677c99624b 100644 --- a/sbin/isakmpd/connection.c +++ b/sbin/isakmpd/connection.c @@ -1,4 +1,4 @@ -/* $OpenBSD: connection.c,v 1.34 2006/09/01 00:24:06 mpf Exp $ */ +/* $OpenBSD: connection.c,v 1.35 2007/04/16 13:01:39 moritz Exp $ */ /* $EOM: connection.c,v 1.28 2000/11/23 12:21:18 niklas Exp $ */ /* @@ -297,8 +297,7 @@ connection_setup(char *name) fail: if (conn) { - if (conn->name) - free(conn->name); + free(conn->name); free(conn); } return -1; @@ -357,10 +356,8 @@ connection_record_passive(char *name) return 0; fail: - if (conn->local_id) - free(conn->local_id); - if (conn->name) - free(conn->name); + free(conn->local_id); + free(conn->name); free(conn); return -1; } diff --git a/sbin/isakmpd/exchange.c b/sbin/isakmpd/exchange.c index f540bddd87a..1cce615e439 100644 --- a/sbin/isakmpd/exchange.c +++ b/sbin/isakmpd/exchange.c @@ -1,4 +1,4 @@ -/* $OpenBSD: exchange.c,v 1.129 2007/03/03 10:29:18 tom Exp $ */ +/* $OpenBSD: exchange.c,v 1.130 2007/04/16 13:01:39 moritz Exp $ */ /* $EOM: exchange.c,v 1.143 2000/12/04 00:02:25 angelos Exp $ */ /* @@ -1205,22 +1205,15 @@ exchange_free_aux(void *v_exch) if (exchange->in_transit && exchange->in_transit != exchange->last_sent) message_free(exchange->in_transit); - if (exchange->nonce_i) - free(exchange->nonce_i); - if (exchange->nonce_r) - free(exchange->nonce_r); - if (exchange->id_i) - free(exchange->id_i); - if (exchange->id_r) - free(exchange->id_r); - if (exchange->keystate) - free(exchange->keystate); + free(exchange->nonce_i); + free(exchange->nonce_r); + free(exchange->id_i); + free(exchange->id_r); + free(exchange->keystate); if (exchange->doi && exchange->doi->free_exchange_data) exchange->doi->free_exchange_data(exchange->data); - if (exchange->data) - free(exchange->data); - if (exchange->name) - free(exchange->name); + free(exchange->data); + free(exchange->name); if (exchange->recv_cert) { handler = cert_get(exchange->recv_certtype); if (handler) @@ -1234,8 +1227,7 @@ exchange_free_aux(void *v_exch) if (exchange->recv_key) key_free(exchange->recv_keytype, ISAKMP_KEYTYPE_PUBLIC, exchange->recv_key); - if (exchange->keynote_key) - free(exchange->keynote_key); /* This is just a string */ + free(exchange->keynote_key); /* This is just a string */ if (exchange->policy_id != -1) kn_close(exchange->policy_id); @@ -1642,16 +1634,14 @@ exchange_add_certs(struct message *msg) &certlen)) { log_print("exchange_add_certs: could not obtain cert " "for a type %d cert request", aca->id); - if (cert) - free(cert); + free(cert); return -1; } new_cert = realloc(cert, ISAKMP_CERT_SZ + certlen); if (!new_cert) { log_error("exchange_add_certs: realloc (%p, %d) " "failed", cert, ISAKMP_CERT_SZ + certlen); - if (cert) - free(cert); + free(cert); return -1; } cert = new_cert; diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c index 9395cdde77b..8aee7a564df 100644 --- a/sbin/isakmpd/ike_auth.c +++ b/sbin/isakmpd/ike_auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_auth.c,v 1.109 2006/11/24 13:52:14 reyk Exp $ */ +/* $OpenBSD: ike_auth.c,v 1.110 2007/04/16 13:01:39 moritz Exp $ */ /* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $ */ /* @@ -235,8 +235,7 @@ ike_auth_get_key(int type, char *id, char *local_id, size_t *keylen) if (!buf2 || kn_decode_key(&dc, buf2, KEYNOTE_PRIVATE_KEY) == -1) { - if (buf2) - free(buf2); + free(buf2); log_print("ike_auth_get_key: failed decoding " "key in \"%s\"", keyfile); free(keyfile); @@ -299,15 +298,13 @@ ignorekeynote: } if (check_file_secrecy_fd(fd, keyfile, &fsize)) { - if (privkeyfile) - free(privkeyfile); + free(privkeyfile); return 0; } if ((keyfp = fdopen(fd, "r")) == NULL) { log_print("ike_auth_get_key: fdopen failed"); - if (privkeyfile) - free(privkeyfile); + free(privkeyfile); return 0; } #if SSLEAY_VERSION_NUMBER >= 0x00904100L @@ -317,8 +314,7 @@ ignorekeynote: #endif fclose(keyfp); - if (privkeyfile) - free(privkeyfile); + free(privkeyfile); if (!rsakey) { log_print("ike_auth_get_key: " @@ -391,8 +387,7 @@ pre_shared_gen_skeyid(struct exchange *exchange, size_t *sz) */ key = ike_auth_get_key(IKE_AUTH_PRE_SHARED, exchange->name, (char *)buf, &keylen); - if (buf) - free(buf); + free(buf); /* Fail if no key could be found. */ if (!key) @@ -755,8 +750,7 @@ rsa_sig_decode_hash(struct message *msg) log_print("rsa_sig_decode_hash: KEY to RSA key " "conversion failed"); - if (rawkey) - free(rawkey); + free(rawkey); } #endif /* USE_DNSSEC */ @@ -1046,8 +1040,7 @@ skipcert: if (sigsize == -1) { log_print("rsa_sig_encode_hash: " "RSA_private_encrypt () failed"); - if (data) - free(data); + free(data); free(buf); RSA_free(sent_key); return -1; diff --git a/sbin/isakmpd/ike_phase_1.c b/sbin/isakmpd/ike_phase_1.c index ccbba6130eb..cdbe9536031 100644 --- a/sbin/isakmpd/ike_phase_1.c +++ b/sbin/isakmpd/ike_phase_1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_phase_1.c,v 1.66 2006/07/02 13:19:00 hshoexer Exp $ */ +/* $OpenBSD: ike_phase_1.c,v 1.67 2007/04/16 13:01:39 moritz Exp $ */ /* $EOM: ike_phase_1.c,v 1.31 2000/12/11 23:47:56 niklas Exp $ */ /* @@ -377,18 +377,15 @@ ike_phase_1_initiator_send_SA(struct message *msg) return 0; bail_out: - if (sa_buf) - free(sa_buf); - if (proposal) - free(proposal); + free(sa_buf); + free(proposal); if (transform) { for (i = 0; i < conf->cnt; i++) if (transform[i]) free(transform[i]); free(transform); } - if (transform_len) - free(transform_len); + free(transform_len); conf_free_list(conf); return -1; } @@ -1223,8 +1220,7 @@ ike_phase_1_validate_prop(struct exchange *exchange, struct sa *sa, LOG_DBG((LOG_NEGOTIATION, 20, "ike_phase_1_validate_prop: " "success")); conf_free_list(conf); - if (vs.life) - free(vs.life); + free(vs.life); return 1; try_next: @@ -1235,8 +1231,7 @@ try_next: free(node); node = LIST_FIRST(&vs.attrs); } - if (vs.life) - free(vs.life); + free(vs.life); } LOG_DBG((LOG_NEGOTIATION, 20, "ike_phase_1_validate_prop: failure")); diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c index 0fe61694afb..cb21c4b67f6 100644 --- a/sbin/isakmpd/ike_quick_mode.c +++ b/sbin/isakmpd/ike_quick_mode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_quick_mode.c,v 1.99 2006/06/10 21:09:45 msf Exp $ */ +/* $OpenBSD: ike_quick_mode.c,v 1.100 2007/04/16 13:01:39 moritz Exp $ */ /* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */ /* @@ -352,8 +352,7 @@ policydone: if (principal && principal[i]) free(principal[i]); - if (principal) - free(principal); + free(principal); /* Remove the policies */ for (i = 0; i < policy_asserts_num; i++) { @@ -362,11 +361,9 @@ policydone: keynote_ids[i]); } - if (keynote_ids) - free(keynote_ids); + free(keynote_ids); - if (x509_ids) - free(x509_ids); + free(x509_ids); /* * XXX Currently, check_policy() is only called from @@ -973,21 +970,17 @@ initiator_send_HASH_SA_NONCE(struct message *msg) return 0; bail_out: - if (sa_buf) - free(sa_buf); + free(sa_buf); if (proposal) { for (i = 0; i < prop_no; i++) { - if (proposal[i]) - free(proposal[i]); + free(proposal[i]); if (transform[i]) { for (xf_no = 0; xf_no < transform_cnt[i]; xf_no++) - if (transform[i][xf_no]) - free(transform[i][xf_no]); + free(transform[i][xf_no]); free(transform[i]); } - if (transform_len[i]) - free(transform_len[i]); + free(transform_len[i]); } free(proposal); free(transforms_len); @@ -1148,14 +1141,10 @@ initiator_recv_HASH_SA_NONCE(struct message *msg) "calloc (%lu, %lu) failed", (unsigned long)ie->id_cr_sz, (unsigned long)sizeof(char)); - if (ie->id_ci) { - free(ie->id_ci); - ie->id_ci = 0; - } - if (ie->id_cr) { - free(ie->id_cr); - ie->id_cr = 0; - } + free(ie->id_ci); + ie->id_ci = 0; + free(ie->id_cr); + ie->id_cr = 0; return -1; } if (src->sa_family != dst->sa_family) { @@ -1724,16 +1713,11 @@ cleanup: sa = TAILQ_NEXT(sa, next)) while ((proto = TAILQ_FIRST(&sa->protos)) != 0) proto_free(proto); - if (my_hash) - free(my_hash); - if (ie->id_ci) { - free(ie->id_ci); - ie->id_ci = 0; - } - if (ie->id_cr) { - free(ie->id_cr); - ie->id_cr = 0; - } + free(my_hash); + free(ie->id_ci); + ie->id_ci = 0; + free(ie->id_cr); + ie->id_cr = 0; return -1; } @@ -1945,7 +1929,6 @@ responder_recv_HASH(struct message *msg) return 0; cleanup: - if (my_hash) - free(my_hash); + free(my_hash); return -1; } diff --git a/sbin/isakmpd/ipsec.c b/sbin/isakmpd/ipsec.c index e53406e1e89..88c563d45e6 100644 --- a/sbin/isakmpd/ipsec.c +++ b/sbin/isakmpd/ipsec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec.c,v 1.127 2006/11/24 13:52:14 reyk Exp $ */ +/* $OpenBSD: ipsec.c,v 1.128 2007/04/16 13:01:39 moritz Exp $ */ /* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */ /* @@ -354,9 +354,8 @@ ipsec_sa_tag(struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa) error = 0; fail: - if (id_string != NULL) - free(id_string); - if (error != 0 && sa->tag != NULL) { + free(id_string); + if (error != 0) { free(sa->tag); sa->tag = NULL; } @@ -488,14 +487,10 @@ ipsec_finalize_exchange(struct message *msg) isa->tproto, ntohs(isa->sport), ntohs(isa->dport))); - if (addr1) - free(addr1); - if (mask1) - free(mask1); - if (addr2) - free(addr2); - if (mask2) - free(mask2); + free(addr1); + free(mask1); + free(addr2); + free(mask2); /* * If this is not an SA acquired by the @@ -675,30 +670,18 @@ ipsec_free_exchange_data(void *vie) struct ipsec_exch *ie = vie; struct isakmp_cfg_attr *attr; - if (ie->sa_i_b) - free(ie->sa_i_b); - if (ie->id_ci) - free(ie->id_ci); - if (ie->id_cr) - free(ie->id_cr); - if (ie->g_xi) - free(ie->g_xi); - if (ie->g_xr) - free(ie->g_xr); - if (ie->g_xy) - free(ie->g_xy); - if (ie->skeyid) - free(ie->skeyid); - if (ie->skeyid_d) - free(ie->skeyid_d); - if (ie->skeyid_a) - free(ie->skeyid_a); - if (ie->skeyid_e) - free(ie->skeyid_e); - if (ie->hash_i) - free(ie->hash_i); - if (ie->hash_r) - free(ie->hash_r); + free(ie->sa_i_b); + free(ie->id_ci); + free(ie->id_cr); + free(ie->g_xi); + free(ie->g_xr); + free(ie->g_xy); + free(ie->skeyid); + free(ie->skeyid_d); + free(ie->skeyid_a); + free(ie->skeyid_e); + free(ie->hash_i); + free(ie->hash_r); if (ie->group) group_free(ie->group); for (attr = LIST_FIRST(&ie->attrs); attr; @@ -716,18 +699,12 @@ ipsec_free_sa_data(void *visa) { struct ipsec_sa *isa = visa; - if (isa->src_net) - free(isa->src_net); - if (isa->src_mask) - free(isa->src_mask); - if (isa->dst_net) - free(isa->dst_net); - if (isa->dst_mask) - free(isa->dst_mask); - if (isa->skeyid_a) - free(isa->skeyid_a); - if (isa->skeyid_d) - free(isa->skeyid_d); + free(isa->src_net); + free(isa->src_mask); + free(isa->dst_net); + free(isa->dst_mask); + free(isa->skeyid_a); + free(isa->skeyid_d); } /* Free the DOI-specific protocol data of an SA pointed to by VIPROTO. */ @@ -738,8 +715,7 @@ ipsec_free_proto_data(void *viproto) int i; for (i = 0; i < 2; i++) - if (iproto->keymat[i]) - free(iproto->keymat[i]); + free(iproto->keymat[i]); } /* Return exchange script based on TYPE. */ @@ -2077,10 +2053,8 @@ ipsec_decode_id(char *buf, size_t size, u_int8_t *id, size_t id_len, } } else snprintf(buf, size, "<no ipsec id>"); - if (addr) - free(addr); - if (mask) - free(mask); + free(addr); + free(mask); } char * @@ -2154,8 +2128,7 @@ ipsec_build_id(char *section, size_t *sz) int ipsec_clone_id(u_int8_t **did, size_t *did_len, u_int8_t *id, size_t id_len) { - if (*did) - free(*did); + free(*did); if (!id_len || !id) { *did = 0; @@ -2517,14 +2490,11 @@ ipsec_id_string(u_int8_t *id, size_t id_len) goto fail; } - if (addrstr) - free(addrstr); + free(addrstr); return buf; fail: - if (buf) - free(buf); - if (addrstr) - free(addrstr); + free(buf); + free(addrstr); return 0; } diff --git a/sbin/isakmpd/isakmp_cfg.c b/sbin/isakmpd/isakmp_cfg.c index ca2baa6a16c..33279377e61 100644 --- a/sbin/isakmpd/isakmp_cfg.c +++ b/sbin/isakmpd/isakmp_cfg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: isakmp_cfg.c,v 1.37 2005/04/08 22:32:10 cloder Exp $ */ +/* $OpenBSD: isakmp_cfg.c,v 1.38 2007/04/16 13:01:39 moritz Exp $ */ /* * Copyright (c) 2001 Niklas Hallqvist. All rights reserved. @@ -344,8 +344,7 @@ cfg_initiator_send_ATTR(struct message *msg) return 0; fail: - if (id_string) - free(id_string); + free(id_string); return -1; } diff --git a/sbin/isakmpd/math_2n.c b/sbin/isakmpd/math_2n.c index b7f1fed4b14..ccc1aca8668 100644 --- a/sbin/isakmpd/math_2n.c +++ b/sbin/isakmpd/math_2n.c @@ -1,4 +1,4 @@ -/* $OpenBSD: math_2n.c,v 1.25 2006/06/02 19:35:55 hshoexer Exp $ */ +/* $OpenBSD: math_2n.c,v 1.26 2007/04/16 13:01:39 moritz Exp $ */ /* $EOM: math_2n.c,v 1.15 1999/04/20 09:23:30 niklas Exp $ */ /* @@ -103,8 +103,7 @@ b2n_init(b2n_ptr n) void b2n_clear(b2n_ptr n) { - if (n->limp) - free(n->limp); + free(n->limp); } int diff --git a/sbin/isakmpd/message.c b/sbin/isakmpd/message.c index b9982134b6d..1ce3900cf49 100644 --- a/sbin/isakmpd/message.c +++ b/sbin/isakmpd/message.c @@ -1,4 +1,4 @@ -/* $OpenBSD: message.c,v 1.124 2007/04/15 19:37:46 hshoexer Exp $ */ +/* $OpenBSD: message.c,v 1.125 2007/04/16 13:01:39 moritz Exp $ */ /* $EOM: message.c,v 1.156 2000/10/10 12:36:39 provos Exp $ */ /* @@ -186,8 +186,7 @@ message_free(struct message *msg) if (msg->orig && msg->orig != (u_int8_t *)msg->iov[0].iov_base) free(msg->orig); for (i = 0; i < msg->iovlen; i++) - if (msg->iov[i].iov_base) - free(msg->iov[i].iov_base); + free(msg->iov[i].iov_base); free(msg->iov); } if (msg->retrans) @@ -1445,8 +1444,7 @@ message_recv(struct message *msg) */ if (GET_ISAKMP_HDR_NEXT_PAYLOAD(buf) != ISAKMP_PAYLOAD_NONE && message_sort_payloads(msg, GET_ISAKMP_HDR_NEXT_PAYLOAD(buf))) { - if (ks) - free(ks); + free(ks); return -1; } /* @@ -1456,8 +1454,7 @@ message_recv(struct message *msg) * XXX Should SAs and even transports be cleaned up then too? */ if (message_validate_payloads(msg)) { - if (ks) - free(ks); + free(ks); return -1; } /* @@ -1467,8 +1464,7 @@ message_recv(struct message *msg) if (!msg->exchange) { log_print("message_recv: no exchange"); message_drop(msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1); - if (ks) - free(ks); + free(ks); return -1; } /* @@ -1493,8 +1489,7 @@ message_recv(struct message *msg) exch_type); message_drop(msg, ISAKMP_NOTIFY_INVALID_EXCHANGE_TYPE, 0, 1, 1); - if (ks) - free(ks); + free(ks); return -1; } /* Make sure the IV we used gets saved in the proper SA. */ @@ -1910,8 +1905,7 @@ message_drop(struct message *msg, int notify, struct proto *proto, "%s", address ? address : "<unknown>", htons(port), constant_name(isakmp_notify_cst, notify)); - if (address) - free(address); + free(address); /* If specified, return a notification. */ if (notify) @@ -2441,22 +2435,15 @@ message_add_sa_payload(struct message *msg) return 0; cleanup: - if (sa_buf) - free(sa_buf); + free(sa_buf); for (i = 0; i < nprotos; i++) { - if (transforms[i]) - free(transforms[i]); - if (proposals[i]) - free(proposals[i]); + free(transforms[i]); + free(proposals[i]); } - if (transforms) - free(transforms); - if (transform_lens) - free(transform_lens); - if (proposals) - free(proposals); - if (proposal_lens) - free(proposal_lens); + free(transforms); + free(transform_lens); + free(proposals); + free(proposal_lens); return -1; } diff --git a/sbin/isakmpd/nat_traversal.c b/sbin/isakmpd/nat_traversal.c index e0932372e72..fdb4a73a543 100644 --- a/sbin/isakmpd/nat_traversal.c +++ b/sbin/isakmpd/nat_traversal.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nat_traversal.c,v 1.18 2007/02/22 10:01:02 hshoexer Exp $ */ +/* $OpenBSD: nat_traversal.c,v 1.19 2007/04/16 13:01:39 moritz Exp $ */ /* * Copyright (c) 2004 Håkan Olsson. All rights reserved. @@ -131,8 +131,7 @@ nat_t_setup_hashes(void) errout: for (i = 0; i < n; i++) - if (isakmp_nat_t_cap[i].hash) - free(isakmp_nat_t_cap[i].hash); + free(isakmp_nat_t_cap[i].hash); return -1; } diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c index edcc44adf46..84a75fb0f33 100644 --- a/sbin/isakmpd/pf_key_v2.c +++ b/sbin/isakmpd/pf_key_v2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_key_v2.c,v 1.179 2007/04/08 11:20:31 moritz Exp $ */ +/* $OpenBSD: pf_key_v2.c,v 1.180 2007/04/16 13:01:39 moritz Exp $ */ /* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */ /* @@ -123,7 +123,7 @@ int pf_key_v2_socket; static struct pf_key_v2_msg * pf_key_v2_msg_new(struct sadb_msg *msg, int flags) { - struct pf_key_v2_node *node = 0; + struct pf_key_v2_node *node; struct pf_key_v2_msg *ret; node = malloc(sizeof *node); @@ -142,8 +142,7 @@ pf_key_v2_msg_new(struct sadb_msg *msg, int flags) return ret; cleanup: - if (node) - free(node); + free(node); return 0; } @@ -321,8 +320,7 @@ pf_key_v2_read(u_int32_t seq) } cleanup: - if (buf) - free(buf); + free(buf); if (ret) pf_key_v2_msg_free(ret); return 0; @@ -393,8 +391,7 @@ pf_key_v2_write(struct pf_key_v2_msg *pmsg) return msg->sadb_msg_seq; cleanup: - if (iov) - free(iov); + free(iov); return 0; } @@ -653,10 +650,8 @@ pf_key_v2_get_spi(size_t *sz, u_int8_t proto, struct sockaddr *src, return spi; cleanup: - if (spi) - free(spi); - if (addr) - free(addr); + free(spi); + free(addr); if (getspi) pf_key_v2_msg_free(getspi); if (ret) @@ -1313,8 +1308,7 @@ pf_key_v2_set_spi(struct sa *sa, struct proto *proto, int incoming, sid = 0; nosid: - if (sid) - free(sid); + free(sid); sid = 0; } if (isakmp_sa->id_r) { @@ -1347,8 +1341,7 @@ nosid: sid = 0; nodid: - if (sid) - free(sid); + free(sid); sid = 0; } @@ -1580,8 +1573,7 @@ doneauth: ntohl(ssa.sadb_sa_spi), sa->tag ? " tag " : "", sa->tag ? sa->tag : "")); - if (addr_str) - free(addr_str); + free(addr_str); /* * Although PF_KEY knows about expirations, it is unreliable per the @@ -1617,14 +1609,10 @@ doneauth: return 0; cleanup: - if (sid) - free(sid); - if (addr) - free(addr); - if (life) - free(life); - if (key) - free(key); + free(sid); + free(addr); + free(life); + free(key); if (update) pf_key_v2_msg_free(update); if (ret) @@ -1841,14 +1829,10 @@ pf_key_v2_flow(struct sockaddr *laddr, struct sockaddr *lmask, raddr_str ? raddr_str : "<??\?>", rmask_str ? rmask_str : "<??\?>", tproto, ntohs(sport), ntohs(dport))); - if (laddr_str) - free(laddr_str); - if (lmask_str) - free(lmask_str); - if (raddr_str) - free(raddr_str); - if (rmask_str) - free(rmask_str); + free(laddr_str); + free(lmask_str); + free(raddr_str); + free(rmask_str); ret = pf_key_v2_call(flow); pf_key_v2_msg_free(flow); @@ -1874,10 +1858,8 @@ pf_key_v2_flow(struct sockaddr *laddr, struct sockaddr *lmask, return 0; cleanup: - if (sid) - free(sid); - if (addr) - free(addr); + free(sid); + free(addr); if (flow) pf_key_v2_msg_free(flow); if (ret) @@ -2038,10 +2020,8 @@ pf_key_v2_enable_sa(struct sa *sa, struct sa *isakmp_sa) didlen, proto->data); cleanup: - if (sid) - free(sid); - if (did) - free(did); + free(sid); + free(did); return error; } @@ -2303,8 +2283,7 @@ pf_key_v2_delete_spi(struct sa *sa, struct proto *proto, int incoming) return 0; cleanup: - if (addr) - free(addr); + free(addr); if (delete) pf_key_v2_msg_free(delete); if (ret) @@ -2400,8 +2379,7 @@ pf_key_v2_expire(struct pf_key_v2_msg *pmsg) : "HARD", dst_str ? dst_str : "<unknown>", ntohl(ssa->sadb_sa_spi), msg->sadb_msg_satype)); - if (dst_str) - free(dst_str); + free(dst_str); /* * Find the IPsec SA. The IPsec stack has two SAs for every IKE SA, @@ -3314,8 +3292,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg) if (!certprint || conf_set(af, peer, "Credentials", certprint, 0, 0)) { - if (certprint) - free(certprint); + free(certprint); conf_end(af, 0); goto fail; } @@ -3479,14 +3456,10 @@ fail: pf_key_v2_msg_free(ret); if (askpolicy) pf_key_v2_msg_free(askpolicy); - if (srcid) - free(srcid); - if (dstid) - free(dstid); - if (peer) - free(peer); - if (conn) - free(conn); + free(srcid); + free(dstid); + free(peer); + free(conn); return; } @@ -3672,8 +3645,7 @@ pf_key_v2_group_spis(struct sa *sa, struct proto *proto1, return 0; cleanup: - if (addr) - free(addr); + free(addr); if (grpspis) pf_key_v2_msg_free(grpspis); if (ret) diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c index 2fe0e7fd44b..f525efc47af 100644 --- a/sbin/isakmpd/policy.c +++ b/sbin/isakmpd/policy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: policy.c,v 1.89 2007/03/03 18:47:37 cloder Exp $ */ +/* $OpenBSD: policy.c,v 1.90 2007/04/16 13:01:39 moritz Exp $ */ /* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */ /* @@ -188,18 +188,13 @@ policy_callback(char *name) remote_filter_proto = local_filter_proto = ""; remote_id_proto = ""; - if (remote_filter != 0) { - free(remote_filter); - remote_filter = 0; - } - if (local_filter != 0) { - free(local_filter); - local_filter = 0; - } - if (remote_id != 0) { - free(remote_id); - remote_id = 0; - } + free(remote_filter); + remote_filter = 0; + free(local_filter); + local_filter = 0; + free(remote_id); + remote_id = 0; + bzero(remote_ike_address, sizeof remote_ike_address); bzero(local_ike_address, sizeof local_ike_address); bzero(ah_life_kbytes, sizeof ah_life_kbytes); @@ -1985,7 +1980,7 @@ policy_init(void) /* Cleanup */ if (policy_asserts) { for (fd = 0; fd < policy_asserts_num; fd++) - if (policy_asserts && policy_asserts[fd]) + if (policy_asserts) free(policy_asserts[fd]); free(policy_asserts); diff --git a/sbin/isakmpd/sa.c b/sbin/isakmpd/sa.c index 4e73b95ed5f..f8556a04a42 100644 --- a/sbin/isakmpd/sa.c +++ b/sbin/isakmpd/sa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sa.c,v 1.110 2006/11/24 13:52:14 reyk Exp $ */ +/* $OpenBSD: sa.c,v 1.111 2007/04/16 13:01:39 moritz Exp $ */ /* $EOM: sa.c,v 1.112 2000/12/12 00:22:52 niklas Exp $ */ /* @@ -766,8 +766,7 @@ proto_free(struct proto *proto) } if (proto->xf_cnt) while ((pa = TAILQ_FIRST(&proto->xfs)) != NULL) { - if (pa->attrs) - free(pa->attrs); + free(pa->attrs); TAILQ_REMOVE(&proto->xfs, pa, next); free(pa); } @@ -837,10 +836,8 @@ sa_release(struct sa *sa) sa->doi->free_sa_data(sa->data); free(sa->data); } - if (sa->id_i) - free(sa->id_i); - if (sa->id_r) - free(sa->id_r); + free(sa->id_i); + free(sa->id_r); if (sa->recv_cert) { handler = cert_get(sa->recv_certtype); if (handler) @@ -854,22 +851,18 @@ sa_release(struct sa *sa) if (sa->recv_key) key_free(sa->recv_keytype, ISAKMP_KEYTYPE_PUBLIC, sa->recv_key); - if (sa->keynote_key) - free(sa->keynote_key); /* This is just a string */ + free(sa->keynote_key); /* This is just a string */ if (sa->policy_id != -1) kn_close(sa->policy_id); - if (sa->name) - free(sa->name); - if (sa->keystate) - free(sa->keystate); + free(sa->name); + free(sa->keystate); if (sa->nat_t_keepalive) timer_remove_event(sa->nat_t_keepalive); if (sa->dpd_event) timer_remove_event(sa->dpd_event); if (sa->transport) transport_release(sa->transport); - if (sa->tag) - free(sa->tag); + free(sa->tag); free(sa); } @@ -1121,8 +1114,7 @@ sa_add_transform(struct sa *sa, struct payload *xf, int initiator, cleanup: if (!initiator) { - if (proto->data) - free(proto->data); + free(proto->data); free(proto); } *protop = 0; diff --git a/sbin/isakmpd/udp.c b/sbin/isakmpd/udp.c index 8b4d939f495..be4aac1e7ac 100644 --- a/sbin/isakmpd/udp.c +++ b/sbin/isakmpd/udp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp.c,v 1.93 2006/02/02 14:33:53 hshoexer Exp $ */ +/* $OpenBSD: udp.c,v 1.94 2007/04/16 13:01:39 moritz Exp $ */ /* $EOM: udp.c,v 1.57 2001/01/26 10:09:57 niklas Exp $ */ /* @@ -359,10 +359,8 @@ udp_remove(struct transport *t) struct udp_transport *u = (struct udp_transport *)t; struct transport *p; - if (u->src) - free(u->src); - if (u->dst) - free(u->dst); + free(u->src); + free(u->dst); if ((t->flags & TRANSPORT_LISTEN) && u->s >= 0) close(u->s); @@ -395,10 +393,8 @@ udp_report(struct transport *t) LOG_DBG((LOG_REPORT, 0, "udp_report: fd %d src %s:%u dst %s:%u", u->s, src, ntohs(sport), dst ? dst : "<none>", ntohs(dport))); - if (dst) - free(dst); - if (src) - free(src); + free(dst); + free(src); } /* diff --git a/sbin/isakmpd/udp_encap.c b/sbin/isakmpd/udp_encap.c index 54c4927f582..358e582dc9b 100644 --- a/sbin/isakmpd/udp_encap.c +++ b/sbin/isakmpd/udp_encap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp_encap.c,v 1.20 2007/04/15 19:37:46 hshoexer Exp $ */ +/* $OpenBSD: udp_encap.c,v 1.21 2007/04/16 13:01:39 moritz Exp $ */ /* * Copyright (c) 1998, 1999, 2001 Niklas Hallqvist. All rights reserved. @@ -336,10 +336,8 @@ udp_encap_report(struct transport *t) LOG_DBG ((LOG_REPORT, 0, "udp_encap_report: fd %d src %s:%u dst %s:%u", u->s, src, ntohs(sport), dst ? dst : "*", ntohs(dport))); - if (dst) - free(dst); - if (src) - free(src); + free(dst); + free(src); } /* diff --git a/sbin/isakmpd/ui.c b/sbin/isakmpd/ui.c index 75a39a8f32a..291260ee6f2 100644 --- a/sbin/isakmpd/ui.c +++ b/sbin/isakmpd/ui.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ui.c,v 1.52 2006/11/30 11:24:49 markus Exp $ */ +/* $OpenBSD: ui.c,v 1.53 2007/04/16 13:01:39 moritz Exp $ */ /* $EOM: ui.c,v 1.43 2000/10/05 09:25:12 niklas Exp $ */ /* @@ -310,8 +310,7 @@ ui_config(char *cmd) ret = v ? asprintf(&nv, "%s,%s", v, vnode->field) : asprintf(&nv, "%s", vnode->field); - if (v) - free(v); + free(v); if (ret == -1) { log_error("ui_config: malloc() failed"); if (trans) diff --git a/sbin/isakmpd/vendor.c b/sbin/isakmpd/vendor.c index 3e927c21f39..b1f49dfaaa9 100644 --- a/sbin/isakmpd/vendor.c +++ b/sbin/isakmpd/vendor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vendor.c,v 1.3 2007/03/26 12:57:43 pedro Exp $ */ +/* $OpenBSD: vendor.c,v 1.4 2007/04/16 13:01:39 moritz Exp $ */ /* * Copyright (c) 2006 Hans-Joerg Hoexer <hshoexer@openbsd.org> * @@ -68,8 +68,7 @@ setup_vendor_hashes(void) errout: for (i = 0; i < n; i++) - if (openbsd_vendor_cap[i].hash) - free(openbsd_vendor_cap[i].hash); + free(openbsd_vendor_cap[i].hash); return -1; } diff --git a/sbin/isakmpd/virtual.c b/sbin/isakmpd/virtual.c index 1a678917236..1b681edc4bc 100644 --- a/sbin/isakmpd/virtual.c +++ b/sbin/isakmpd/virtual.c @@ -1,4 +1,4 @@ -/* $OpenBSD: virtual.c,v 1.27 2007/04/15 19:37:46 hshoexer Exp $ */ +/* $OpenBSD: virtual.c,v 1.28 2007/04/16 13:01:39 moritz Exp $ */ /* * Copyright (c) 2004 Håkan Olsson. All rights reserved. @@ -341,8 +341,7 @@ virtual_bind_if(char *ifname, struct sockaddr *if_addr, void *arg) if_addr->sa_family == AF_INET ? "v4" : (if_addr->sa_family == AF_INET6 ? "v6" : "<unknown>"), addr_str ? addr_str : "<invalid>")); - if (addr_str) - free(addr_str); + free(addr_str); /* * Drop non-Internet stuff. diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c index b126e7a4f55..41cf05a69d2 100644 --- a/sbin/isakmpd/x509.c +++ b/sbin/isakmpd/x509.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.c,v 1.108 2007/03/03 20:03:03 tom Exp $ */ +/* $OpenBSD: x509.c,v 1.109 2007/04/16 13:01:39 moritz Exp $ */ /* $EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $ */ /* @@ -434,12 +434,9 @@ x509_generate_kn(int id, X509 *cert) return 1; fail: - if (buf) - free(buf); - if (skey) - free(skey); - if (ikey) - free(ikey); + free(buf); + free(skey); + free(ikey); if (key) RSA_free(key); @@ -1004,15 +1001,11 @@ x509_free_aca(void *blob) { struct x509_aca *aca = blob; - if (aca->name1.type) - free(aca->name1.type); - if (aca->name1.val) - free(aca->name1.val); + free(aca->name1.type); + free(aca->name1.val); - if (aca->name2.type) - free(aca->name2.type); - if (aca->name2.val) - free(aca->name2.val); + free(aca->name2.type); + free(aca->name2.val); } X509 * @@ -1232,14 +1225,10 @@ x509_cert_get_subjects(void *scert, int *cnt, u_int8_t ***id, fail: for (i = 0; i < *cnt; i++) - if ((*id)[i]) - free((*id)[i]); - if (*id) - free(*id); - if (*id_len) - free(*id_len); - if (buf) - free(buf); + free((*id)[i]); + free(*id); + free(*id_len); + free(buf); return 0; } |