summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sbin/isakmpd/conf.c68
-rw-r--r--sbin/isakmpd/connection.c11
-rw-r--r--sbin/isakmpd/exchange.c32
-rw-r--r--sbin/isakmpd/ike_auth.c23
-rw-r--r--sbin/isakmpd/ike_phase_1.c17
-rw-r--r--sbin/isakmpd/ike_quick_mode.c53
-rw-r--r--sbin/isakmpd/ipsec.c94
-rw-r--r--sbin/isakmpd/isakmp_cfg.c5
-rw-r--r--sbin/isakmpd/math_2n.c5
-rw-r--r--sbin/isakmpd/message.c41
-rw-r--r--sbin/isakmpd/nat_traversal.c5
-rw-r--r--sbin/isakmpd/pf_key_v2.c88
-rw-r--r--sbin/isakmpd/policy.c23
-rw-r--r--sbin/isakmpd/sa.c26
-rw-r--r--sbin/isakmpd/udp.c14
-rw-r--r--sbin/isakmpd/udp_encap.c8
-rw-r--r--sbin/isakmpd/ui.c5
-rw-r--r--sbin/isakmpd/vendor.c5
-rw-r--r--sbin/isakmpd/virtual.c5
-rw-r--r--sbin/isakmpd/x509.c35
20 files changed, 196 insertions, 367 deletions
diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c
index 26a90d02a34..c72ae09b99a 100644
--- a/sbin/isakmpd/conf.c
+++ b/sbin/isakmpd/conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf.c,v 1.93 2007/02/19 09:43:34 hshoexer Exp $ */
+/* $OpenBSD: conf.c,v 1.94 2007/04/16 13:01:39 moritz Exp $ */
/* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */
/*
@@ -185,18 +185,12 @@ conf_set_now(char *section, char *tag, char *value, int override,
node->tag, node->value));
return 0;
fail:
- if (node->value) {
- free(node->value);
- node->value = NULL;
- }
- if (node->tag) {
- free(node->tag);
- node->tag = NULL;
- }
- if (node->section) {
- free(node->section);
- node->section = NULL;
- }
+ free(node->value);
+ node->value = NULL;
+ free(node->tag);
+ node->tag = NULL;
+ free(node->section);
+ node->section = NULL;
return 1;
}
@@ -221,8 +215,7 @@ conf_parse_line(int trans, char *line, int ln, size_t sz)
for (i = 1; i < sz; i++)
if (line[i] == ']')
break;
- if (section)
- free(section);
+ free(section);
if (i == sz) {
log_print("conf_parse_line: %d:"
"unmatched ']', ignoring until next section", ln);
@@ -629,8 +622,7 @@ conf_reinit(void)
return;
fail:
- if (new_conf_addr)
- free(new_conf_addr);
+ free(new_conf_addr);
close(fd);
}
@@ -760,12 +752,10 @@ conf_get_list(char *section, char *tag)
return list;
cleanup:
- if (node)
- free(node);
+ free(node);
if (list)
conf_free_list(list);
- if (liststr)
- free(liststr);
+ free(liststr);
return 0;
}
@@ -796,8 +786,7 @@ conf_get_tag_list(char *section)
return list;
cleanup:
- if (node)
- free(node);
+ free(node);
if (list)
conf_free_list(list);
return 0;
@@ -810,8 +799,7 @@ conf_free_list(struct conf_list *list)
while (node) {
TAILQ_REMOVE(&list->fields, node, link);
- if (node->field)
- free(node->field);
+ free(node->field);
free(node);
node = TAILQ_FIRST(&list->fields);
}
@@ -873,12 +861,9 @@ conf_set(int transaction, char *section, char *tag, char *value, int override,
return 0;
fail:
- if (node->tag)
- free(node->tag);
- if (node->section)
- free(node->section);
- if (node)
- free(node);
+ free(node->tag);
+ free(node->section);
+ free(node);
return 1;
}
@@ -904,10 +889,8 @@ conf_remove(int transaction, char *section, char *tag)
return 0;
fail:
- if (node->section)
- free(node->section);
- if (node)
- free(node);
+ free(node->section);
+ free(node);
return 1;
}
@@ -929,8 +912,7 @@ conf_remove_section(int transaction, char *section)
return 0;
fail:
- if (node)
- free(node);
+ free(node);
return 1;
}
@@ -962,12 +944,9 @@ conf_end(int transaction, int commit)
"operation: %d", node->op);
}
TAILQ_REMOVE(&conf_trans_queue, node, link);
- if (node->section)
- free(node->section);
- if (node->tag)
- free(node->tag);
- if (node->value)
- free(node->value);
+ free(node->section);
+ free(node->tag);
+ free(node->value);
free(node);
}
}
@@ -1065,8 +1044,7 @@ mem_fail:
log_error("conf_report: malloc/calloc failed");
while ((dnode = dumper) != 0) {
dumper = dumper->next;
- if (dnode->s)
- free(dnode->s);
+ free(dnode->s);
free(dnode);
}
}
diff --git a/sbin/isakmpd/connection.c b/sbin/isakmpd/connection.c
index 3ac3deac7a9..f677c99624b 100644
--- a/sbin/isakmpd/connection.c
+++ b/sbin/isakmpd/connection.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: connection.c,v 1.34 2006/09/01 00:24:06 mpf Exp $ */
+/* $OpenBSD: connection.c,v 1.35 2007/04/16 13:01:39 moritz Exp $ */
/* $EOM: connection.c,v 1.28 2000/11/23 12:21:18 niklas Exp $ */
/*
@@ -297,8 +297,7 @@ connection_setup(char *name)
fail:
if (conn) {
- if (conn->name)
- free(conn->name);
+ free(conn->name);
free(conn);
}
return -1;
@@ -357,10 +356,8 @@ connection_record_passive(char *name)
return 0;
fail:
- if (conn->local_id)
- free(conn->local_id);
- if (conn->name)
- free(conn->name);
+ free(conn->local_id);
+ free(conn->name);
free(conn);
return -1;
}
diff --git a/sbin/isakmpd/exchange.c b/sbin/isakmpd/exchange.c
index f540bddd87a..1cce615e439 100644
--- a/sbin/isakmpd/exchange.c
+++ b/sbin/isakmpd/exchange.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: exchange.c,v 1.129 2007/03/03 10:29:18 tom Exp $ */
+/* $OpenBSD: exchange.c,v 1.130 2007/04/16 13:01:39 moritz Exp $ */
/* $EOM: exchange.c,v 1.143 2000/12/04 00:02:25 angelos Exp $ */
/*
@@ -1205,22 +1205,15 @@ exchange_free_aux(void *v_exch)
if (exchange->in_transit &&
exchange->in_transit != exchange->last_sent)
message_free(exchange->in_transit);
- if (exchange->nonce_i)
- free(exchange->nonce_i);
- if (exchange->nonce_r)
- free(exchange->nonce_r);
- if (exchange->id_i)
- free(exchange->id_i);
- if (exchange->id_r)
- free(exchange->id_r);
- if (exchange->keystate)
- free(exchange->keystate);
+ free(exchange->nonce_i);
+ free(exchange->nonce_r);
+ free(exchange->id_i);
+ free(exchange->id_r);
+ free(exchange->keystate);
if (exchange->doi && exchange->doi->free_exchange_data)
exchange->doi->free_exchange_data(exchange->data);
- if (exchange->data)
- free(exchange->data);
- if (exchange->name)
- free(exchange->name);
+ free(exchange->data);
+ free(exchange->name);
if (exchange->recv_cert) {
handler = cert_get(exchange->recv_certtype);
if (handler)
@@ -1234,8 +1227,7 @@ exchange_free_aux(void *v_exch)
if (exchange->recv_key)
key_free(exchange->recv_keytype, ISAKMP_KEYTYPE_PUBLIC,
exchange->recv_key);
- if (exchange->keynote_key)
- free(exchange->keynote_key); /* This is just a string */
+ free(exchange->keynote_key); /* This is just a string */
if (exchange->policy_id != -1)
kn_close(exchange->policy_id);
@@ -1642,16 +1634,14 @@ exchange_add_certs(struct message *msg)
&certlen)) {
log_print("exchange_add_certs: could not obtain cert "
"for a type %d cert request", aca->id);
- if (cert)
- free(cert);
+ free(cert);
return -1;
}
new_cert = realloc(cert, ISAKMP_CERT_SZ + certlen);
if (!new_cert) {
log_error("exchange_add_certs: realloc (%p, %d) "
"failed", cert, ISAKMP_CERT_SZ + certlen);
- if (cert)
- free(cert);
+ free(cert);
return -1;
}
cert = new_cert;
diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c
index 9395cdde77b..8aee7a564df 100644
--- a/sbin/isakmpd/ike_auth.c
+++ b/sbin/isakmpd/ike_auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_auth.c,v 1.109 2006/11/24 13:52:14 reyk Exp $ */
+/* $OpenBSD: ike_auth.c,v 1.110 2007/04/16 13:01:39 moritz Exp $ */
/* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $ */
/*
@@ -235,8 +235,7 @@ ike_auth_get_key(int type, char *id, char *local_id, size_t *keylen)
if (!buf2 || kn_decode_key(&dc, buf2,
KEYNOTE_PRIVATE_KEY) == -1) {
- if (buf2)
- free(buf2);
+ free(buf2);
log_print("ike_auth_get_key: failed decoding "
"key in \"%s\"", keyfile);
free(keyfile);
@@ -299,15 +298,13 @@ ignorekeynote:
}
if (check_file_secrecy_fd(fd, keyfile, &fsize)) {
- if (privkeyfile)
- free(privkeyfile);
+ free(privkeyfile);
return 0;
}
if ((keyfp = fdopen(fd, "r")) == NULL) {
log_print("ike_auth_get_key: fdopen failed");
- if (privkeyfile)
- free(privkeyfile);
+ free(privkeyfile);
return 0;
}
#if SSLEAY_VERSION_NUMBER >= 0x00904100L
@@ -317,8 +314,7 @@ ignorekeynote:
#endif
fclose(keyfp);
- if (privkeyfile)
- free(privkeyfile);
+ free(privkeyfile);
if (!rsakey) {
log_print("ike_auth_get_key: "
@@ -391,8 +387,7 @@ pre_shared_gen_skeyid(struct exchange *exchange, size_t *sz)
*/
key = ike_auth_get_key(IKE_AUTH_PRE_SHARED, exchange->name,
(char *)buf, &keylen);
- if (buf)
- free(buf);
+ free(buf);
/* Fail if no key could be found. */
if (!key)
@@ -755,8 +750,7 @@ rsa_sig_decode_hash(struct message *msg)
log_print("rsa_sig_decode_hash: KEY to RSA key "
"conversion failed");
- if (rawkey)
- free(rawkey);
+ free(rawkey);
}
#endif /* USE_DNSSEC */
@@ -1046,8 +1040,7 @@ skipcert:
if (sigsize == -1) {
log_print("rsa_sig_encode_hash: "
"RSA_private_encrypt () failed");
- if (data)
- free(data);
+ free(data);
free(buf);
RSA_free(sent_key);
return -1;
diff --git a/sbin/isakmpd/ike_phase_1.c b/sbin/isakmpd/ike_phase_1.c
index ccbba6130eb..cdbe9536031 100644
--- a/sbin/isakmpd/ike_phase_1.c
+++ b/sbin/isakmpd/ike_phase_1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_phase_1.c,v 1.66 2006/07/02 13:19:00 hshoexer Exp $ */
+/* $OpenBSD: ike_phase_1.c,v 1.67 2007/04/16 13:01:39 moritz Exp $ */
/* $EOM: ike_phase_1.c,v 1.31 2000/12/11 23:47:56 niklas Exp $ */
/*
@@ -377,18 +377,15 @@ ike_phase_1_initiator_send_SA(struct message *msg)
return 0;
bail_out:
- if (sa_buf)
- free(sa_buf);
- if (proposal)
- free(proposal);
+ free(sa_buf);
+ free(proposal);
if (transform) {
for (i = 0; i < conf->cnt; i++)
if (transform[i])
free(transform[i]);
free(transform);
}
- if (transform_len)
- free(transform_len);
+ free(transform_len);
conf_free_list(conf);
return -1;
}
@@ -1223,8 +1220,7 @@ ike_phase_1_validate_prop(struct exchange *exchange, struct sa *sa,
LOG_DBG((LOG_NEGOTIATION, 20, "ike_phase_1_validate_prop: "
"success"));
conf_free_list(conf);
- if (vs.life)
- free(vs.life);
+ free(vs.life);
return 1;
try_next:
@@ -1235,8 +1231,7 @@ try_next:
free(node);
node = LIST_FIRST(&vs.attrs);
}
- if (vs.life)
- free(vs.life);
+ free(vs.life);
}
LOG_DBG((LOG_NEGOTIATION, 20, "ike_phase_1_validate_prop: failure"));
diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c
index 0fe61694afb..cb21c4b67f6 100644
--- a/sbin/isakmpd/ike_quick_mode.c
+++ b/sbin/isakmpd/ike_quick_mode.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_quick_mode.c,v 1.99 2006/06/10 21:09:45 msf Exp $ */
+/* $OpenBSD: ike_quick_mode.c,v 1.100 2007/04/16 13:01:39 moritz Exp $ */
/* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */
/*
@@ -352,8 +352,7 @@ policydone:
if (principal && principal[i])
free(principal[i]);
- if (principal)
- free(principal);
+ free(principal);
/* Remove the policies */
for (i = 0; i < policy_asserts_num; i++) {
@@ -362,11 +361,9 @@ policydone:
keynote_ids[i]);
}
- if (keynote_ids)
- free(keynote_ids);
+ free(keynote_ids);
- if (x509_ids)
- free(x509_ids);
+ free(x509_ids);
/*
* XXX Currently, check_policy() is only called from
@@ -973,21 +970,17 @@ initiator_send_HASH_SA_NONCE(struct message *msg)
return 0;
bail_out:
- if (sa_buf)
- free(sa_buf);
+ free(sa_buf);
if (proposal) {
for (i = 0; i < prop_no; i++) {
- if (proposal[i])
- free(proposal[i]);
+ free(proposal[i]);
if (transform[i]) {
for (xf_no = 0; xf_no < transform_cnt[i];
xf_no++)
- if (transform[i][xf_no])
- free(transform[i][xf_no]);
+ free(transform[i][xf_no]);
free(transform[i]);
}
- if (transform_len[i])
- free(transform_len[i]);
+ free(transform_len[i]);
}
free(proposal);
free(transforms_len);
@@ -1148,14 +1141,10 @@ initiator_recv_HASH_SA_NONCE(struct message *msg)
"calloc (%lu, %lu) failed",
(unsigned long)ie->id_cr_sz,
(unsigned long)sizeof(char));
- if (ie->id_ci) {
- free(ie->id_ci);
- ie->id_ci = 0;
- }
- if (ie->id_cr) {
- free(ie->id_cr);
- ie->id_cr = 0;
- }
+ free(ie->id_ci);
+ ie->id_ci = 0;
+ free(ie->id_cr);
+ ie->id_cr = 0;
return -1;
}
if (src->sa_family != dst->sa_family) {
@@ -1724,16 +1713,11 @@ cleanup:
sa = TAILQ_NEXT(sa, next))
while ((proto = TAILQ_FIRST(&sa->protos)) != 0)
proto_free(proto);
- if (my_hash)
- free(my_hash);
- if (ie->id_ci) {
- free(ie->id_ci);
- ie->id_ci = 0;
- }
- if (ie->id_cr) {
- free(ie->id_cr);
- ie->id_cr = 0;
- }
+ free(my_hash);
+ free(ie->id_ci);
+ ie->id_ci = 0;
+ free(ie->id_cr);
+ ie->id_cr = 0;
return -1;
}
@@ -1945,7 +1929,6 @@ responder_recv_HASH(struct message *msg)
return 0;
cleanup:
- if (my_hash)
- free(my_hash);
+ free(my_hash);
return -1;
}
diff --git a/sbin/isakmpd/ipsec.c b/sbin/isakmpd/ipsec.c
index e53406e1e89..88c563d45e6 100644
--- a/sbin/isakmpd/ipsec.c
+++ b/sbin/isakmpd/ipsec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec.c,v 1.127 2006/11/24 13:52:14 reyk Exp $ */
+/* $OpenBSD: ipsec.c,v 1.128 2007/04/16 13:01:39 moritz Exp $ */
/* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */
/*
@@ -354,9 +354,8 @@ ipsec_sa_tag(struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa)
error = 0;
fail:
- if (id_string != NULL)
- free(id_string);
- if (error != 0 && sa->tag != NULL) {
+ free(id_string);
+ if (error != 0) {
free(sa->tag);
sa->tag = NULL;
}
@@ -488,14 +487,10 @@ ipsec_finalize_exchange(struct message *msg)
isa->tproto, ntohs(isa->sport),
ntohs(isa->dport)));
- if (addr1)
- free(addr1);
- if (mask1)
- free(mask1);
- if (addr2)
- free(addr2);
- if (mask2)
- free(mask2);
+ free(addr1);
+ free(mask1);
+ free(addr2);
+ free(mask2);
/*
* If this is not an SA acquired by the
@@ -675,30 +670,18 @@ ipsec_free_exchange_data(void *vie)
struct ipsec_exch *ie = vie;
struct isakmp_cfg_attr *attr;
- if (ie->sa_i_b)
- free(ie->sa_i_b);
- if (ie->id_ci)
- free(ie->id_ci);
- if (ie->id_cr)
- free(ie->id_cr);
- if (ie->g_xi)
- free(ie->g_xi);
- if (ie->g_xr)
- free(ie->g_xr);
- if (ie->g_xy)
- free(ie->g_xy);
- if (ie->skeyid)
- free(ie->skeyid);
- if (ie->skeyid_d)
- free(ie->skeyid_d);
- if (ie->skeyid_a)
- free(ie->skeyid_a);
- if (ie->skeyid_e)
- free(ie->skeyid_e);
- if (ie->hash_i)
- free(ie->hash_i);
- if (ie->hash_r)
- free(ie->hash_r);
+ free(ie->sa_i_b);
+ free(ie->id_ci);
+ free(ie->id_cr);
+ free(ie->g_xi);
+ free(ie->g_xr);
+ free(ie->g_xy);
+ free(ie->skeyid);
+ free(ie->skeyid_d);
+ free(ie->skeyid_a);
+ free(ie->skeyid_e);
+ free(ie->hash_i);
+ free(ie->hash_r);
if (ie->group)
group_free(ie->group);
for (attr = LIST_FIRST(&ie->attrs); attr;
@@ -716,18 +699,12 @@ ipsec_free_sa_data(void *visa)
{
struct ipsec_sa *isa = visa;
- if (isa->src_net)
- free(isa->src_net);
- if (isa->src_mask)
- free(isa->src_mask);
- if (isa->dst_net)
- free(isa->dst_net);
- if (isa->dst_mask)
- free(isa->dst_mask);
- if (isa->skeyid_a)
- free(isa->skeyid_a);
- if (isa->skeyid_d)
- free(isa->skeyid_d);
+ free(isa->src_net);
+ free(isa->src_mask);
+ free(isa->dst_net);
+ free(isa->dst_mask);
+ free(isa->skeyid_a);
+ free(isa->skeyid_d);
}
/* Free the DOI-specific protocol data of an SA pointed to by VIPROTO. */
@@ -738,8 +715,7 @@ ipsec_free_proto_data(void *viproto)
int i;
for (i = 0; i < 2; i++)
- if (iproto->keymat[i])
- free(iproto->keymat[i]);
+ free(iproto->keymat[i]);
}
/* Return exchange script based on TYPE. */
@@ -2077,10 +2053,8 @@ ipsec_decode_id(char *buf, size_t size, u_int8_t *id, size_t id_len,
}
} else
snprintf(buf, size, "<no ipsec id>");
- if (addr)
- free(addr);
- if (mask)
- free(mask);
+ free(addr);
+ free(mask);
}
char *
@@ -2154,8 +2128,7 @@ ipsec_build_id(char *section, size_t *sz)
int
ipsec_clone_id(u_int8_t **did, size_t *did_len, u_int8_t *id, size_t id_len)
{
- if (*did)
- free(*did);
+ free(*did);
if (!id_len || !id) {
*did = 0;
@@ -2517,14 +2490,11 @@ ipsec_id_string(u_int8_t *id, size_t id_len)
goto fail;
}
- if (addrstr)
- free(addrstr);
+ free(addrstr);
return buf;
fail:
- if (buf)
- free(buf);
- if (addrstr)
- free(addrstr);
+ free(buf);
+ free(addrstr);
return 0;
}
diff --git a/sbin/isakmpd/isakmp_cfg.c b/sbin/isakmpd/isakmp_cfg.c
index ca2baa6a16c..33279377e61 100644
--- a/sbin/isakmpd/isakmp_cfg.c
+++ b/sbin/isakmpd/isakmp_cfg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: isakmp_cfg.c,v 1.37 2005/04/08 22:32:10 cloder Exp $ */
+/* $OpenBSD: isakmp_cfg.c,v 1.38 2007/04/16 13:01:39 moritz Exp $ */
/*
* Copyright (c) 2001 Niklas Hallqvist. All rights reserved.
@@ -344,8 +344,7 @@ cfg_initiator_send_ATTR(struct message *msg)
return 0;
fail:
- if (id_string)
- free(id_string);
+ free(id_string);
return -1;
}
diff --git a/sbin/isakmpd/math_2n.c b/sbin/isakmpd/math_2n.c
index b7f1fed4b14..ccc1aca8668 100644
--- a/sbin/isakmpd/math_2n.c
+++ b/sbin/isakmpd/math_2n.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: math_2n.c,v 1.25 2006/06/02 19:35:55 hshoexer Exp $ */
+/* $OpenBSD: math_2n.c,v 1.26 2007/04/16 13:01:39 moritz Exp $ */
/* $EOM: math_2n.c,v 1.15 1999/04/20 09:23:30 niklas Exp $ */
/*
@@ -103,8 +103,7 @@ b2n_init(b2n_ptr n)
void
b2n_clear(b2n_ptr n)
{
- if (n->limp)
- free(n->limp);
+ free(n->limp);
}
int
diff --git a/sbin/isakmpd/message.c b/sbin/isakmpd/message.c
index b9982134b6d..1ce3900cf49 100644
--- a/sbin/isakmpd/message.c
+++ b/sbin/isakmpd/message.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: message.c,v 1.124 2007/04/15 19:37:46 hshoexer Exp $ */
+/* $OpenBSD: message.c,v 1.125 2007/04/16 13:01:39 moritz Exp $ */
/* $EOM: message.c,v 1.156 2000/10/10 12:36:39 provos Exp $ */
/*
@@ -186,8 +186,7 @@ message_free(struct message *msg)
if (msg->orig && msg->orig != (u_int8_t *)msg->iov[0].iov_base)
free(msg->orig);
for (i = 0; i < msg->iovlen; i++)
- if (msg->iov[i].iov_base)
- free(msg->iov[i].iov_base);
+ free(msg->iov[i].iov_base);
free(msg->iov);
}
if (msg->retrans)
@@ -1445,8 +1444,7 @@ message_recv(struct message *msg)
*/
if (GET_ISAKMP_HDR_NEXT_PAYLOAD(buf) != ISAKMP_PAYLOAD_NONE &&
message_sort_payloads(msg, GET_ISAKMP_HDR_NEXT_PAYLOAD(buf))) {
- if (ks)
- free(ks);
+ free(ks);
return -1;
}
/*
@@ -1456,8 +1454,7 @@ message_recv(struct message *msg)
* XXX Should SAs and even transports be cleaned up then too?
*/
if (message_validate_payloads(msg)) {
- if (ks)
- free(ks);
+ free(ks);
return -1;
}
/*
@@ -1467,8 +1464,7 @@ message_recv(struct message *msg)
if (!msg->exchange) {
log_print("message_recv: no exchange");
message_drop(msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
- if (ks)
- free(ks);
+ free(ks);
return -1;
}
/*
@@ -1493,8 +1489,7 @@ message_recv(struct message *msg)
exch_type);
message_drop(msg, ISAKMP_NOTIFY_INVALID_EXCHANGE_TYPE, 0, 1,
1);
- if (ks)
- free(ks);
+ free(ks);
return -1;
}
/* Make sure the IV we used gets saved in the proper SA. */
@@ -1910,8 +1905,7 @@ message_drop(struct message *msg, int notify, struct proto *proto,
"%s", address ? address : "<unknown>", htons(port),
constant_name(isakmp_notify_cst, notify));
- if (address)
- free(address);
+ free(address);
/* If specified, return a notification. */
if (notify)
@@ -2441,22 +2435,15 @@ message_add_sa_payload(struct message *msg)
return 0;
cleanup:
- if (sa_buf)
- free(sa_buf);
+ free(sa_buf);
for (i = 0; i < nprotos; i++) {
- if (transforms[i])
- free(transforms[i]);
- if (proposals[i])
- free(proposals[i]);
+ free(transforms[i]);
+ free(proposals[i]);
}
- if (transforms)
- free(transforms);
- if (transform_lens)
- free(transform_lens);
- if (proposals)
- free(proposals);
- if (proposal_lens)
- free(proposal_lens);
+ free(transforms);
+ free(transform_lens);
+ free(proposals);
+ free(proposal_lens);
return -1;
}
diff --git a/sbin/isakmpd/nat_traversal.c b/sbin/isakmpd/nat_traversal.c
index e0932372e72..fdb4a73a543 100644
--- a/sbin/isakmpd/nat_traversal.c
+++ b/sbin/isakmpd/nat_traversal.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nat_traversal.c,v 1.18 2007/02/22 10:01:02 hshoexer Exp $ */
+/* $OpenBSD: nat_traversal.c,v 1.19 2007/04/16 13:01:39 moritz Exp $ */
/*
* Copyright (c) 2004 Håkan Olsson. All rights reserved.
@@ -131,8 +131,7 @@ nat_t_setup_hashes(void)
errout:
for (i = 0; i < n; i++)
- if (isakmp_nat_t_cap[i].hash)
- free(isakmp_nat_t_cap[i].hash);
+ free(isakmp_nat_t_cap[i].hash);
return -1;
}
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c
index edcc44adf46..84a75fb0f33 100644
--- a/sbin/isakmpd/pf_key_v2.c
+++ b/sbin/isakmpd/pf_key_v2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_key_v2.c,v 1.179 2007/04/08 11:20:31 moritz Exp $ */
+/* $OpenBSD: pf_key_v2.c,v 1.180 2007/04/16 13:01:39 moritz Exp $ */
/* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */
/*
@@ -123,7 +123,7 @@ int pf_key_v2_socket;
static struct pf_key_v2_msg *
pf_key_v2_msg_new(struct sadb_msg *msg, int flags)
{
- struct pf_key_v2_node *node = 0;
+ struct pf_key_v2_node *node;
struct pf_key_v2_msg *ret;
node = malloc(sizeof *node);
@@ -142,8 +142,7 @@ pf_key_v2_msg_new(struct sadb_msg *msg, int flags)
return ret;
cleanup:
- if (node)
- free(node);
+ free(node);
return 0;
}
@@ -321,8 +320,7 @@ pf_key_v2_read(u_int32_t seq)
}
cleanup:
- if (buf)
- free(buf);
+ free(buf);
if (ret)
pf_key_v2_msg_free(ret);
return 0;
@@ -393,8 +391,7 @@ pf_key_v2_write(struct pf_key_v2_msg *pmsg)
return msg->sadb_msg_seq;
cleanup:
- if (iov)
- free(iov);
+ free(iov);
return 0;
}
@@ -653,10 +650,8 @@ pf_key_v2_get_spi(size_t *sz, u_int8_t proto, struct sockaddr *src,
return spi;
cleanup:
- if (spi)
- free(spi);
- if (addr)
- free(addr);
+ free(spi);
+ free(addr);
if (getspi)
pf_key_v2_msg_free(getspi);
if (ret)
@@ -1313,8 +1308,7 @@ pf_key_v2_set_spi(struct sa *sa, struct proto *proto, int incoming,
sid = 0;
nosid:
- if (sid)
- free(sid);
+ free(sid);
sid = 0;
}
if (isakmp_sa->id_r) {
@@ -1347,8 +1341,7 @@ nosid:
sid = 0;
nodid:
- if (sid)
- free(sid);
+ free(sid);
sid = 0;
}
@@ -1580,8 +1573,7 @@ doneauth:
ntohl(ssa.sadb_sa_spi), sa->tag ? " tag " : "",
sa->tag ? sa->tag : ""));
- if (addr_str)
- free(addr_str);
+ free(addr_str);
/*
* Although PF_KEY knows about expirations, it is unreliable per the
@@ -1617,14 +1609,10 @@ doneauth:
return 0;
cleanup:
- if (sid)
- free(sid);
- if (addr)
- free(addr);
- if (life)
- free(life);
- if (key)
- free(key);
+ free(sid);
+ free(addr);
+ free(life);
+ free(key);
if (update)
pf_key_v2_msg_free(update);
if (ret)
@@ -1841,14 +1829,10 @@ pf_key_v2_flow(struct sockaddr *laddr, struct sockaddr *lmask,
raddr_str ? raddr_str : "<??\?>", rmask_str ? rmask_str : "<??\?>",
tproto, ntohs(sport), ntohs(dport)));
- if (laddr_str)
- free(laddr_str);
- if (lmask_str)
- free(lmask_str);
- if (raddr_str)
- free(raddr_str);
- if (rmask_str)
- free(rmask_str);
+ free(laddr_str);
+ free(lmask_str);
+ free(raddr_str);
+ free(rmask_str);
ret = pf_key_v2_call(flow);
pf_key_v2_msg_free(flow);
@@ -1874,10 +1858,8 @@ pf_key_v2_flow(struct sockaddr *laddr, struct sockaddr *lmask,
return 0;
cleanup:
- if (sid)
- free(sid);
- if (addr)
- free(addr);
+ free(sid);
+ free(addr);
if (flow)
pf_key_v2_msg_free(flow);
if (ret)
@@ -2038,10 +2020,8 @@ pf_key_v2_enable_sa(struct sa *sa, struct sa *isakmp_sa)
didlen, proto->data);
cleanup:
- if (sid)
- free(sid);
- if (did)
- free(did);
+ free(sid);
+ free(did);
return error;
}
@@ -2303,8 +2283,7 @@ pf_key_v2_delete_spi(struct sa *sa, struct proto *proto, int incoming)
return 0;
cleanup:
- if (addr)
- free(addr);
+ free(addr);
if (delete)
pf_key_v2_msg_free(delete);
if (ret)
@@ -2400,8 +2379,7 @@ pf_key_v2_expire(struct pf_key_v2_msg *pmsg)
: "HARD", dst_str ? dst_str : "<unknown>",
ntohl(ssa->sadb_sa_spi), msg->sadb_msg_satype));
- if (dst_str)
- free(dst_str);
+ free(dst_str);
/*
* Find the IPsec SA. The IPsec stack has two SAs for every IKE SA,
@@ -3314,8 +3292,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
if (!certprint ||
conf_set(af, peer, "Credentials", certprint, 0,
0)) {
- if (certprint)
- free(certprint);
+ free(certprint);
conf_end(af, 0);
goto fail;
}
@@ -3479,14 +3456,10 @@ fail:
pf_key_v2_msg_free(ret);
if (askpolicy)
pf_key_v2_msg_free(askpolicy);
- if (srcid)
- free(srcid);
- if (dstid)
- free(dstid);
- if (peer)
- free(peer);
- if (conn)
- free(conn);
+ free(srcid);
+ free(dstid);
+ free(peer);
+ free(conn);
return;
}
@@ -3672,8 +3645,7 @@ pf_key_v2_group_spis(struct sa *sa, struct proto *proto1,
return 0;
cleanup:
- if (addr)
- free(addr);
+ free(addr);
if (grpspis)
pf_key_v2_msg_free(grpspis);
if (ret)
diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c
index 2fe0e7fd44b..f525efc47af 100644
--- a/sbin/isakmpd/policy.c
+++ b/sbin/isakmpd/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.89 2007/03/03 18:47:37 cloder Exp $ */
+/* $OpenBSD: policy.c,v 1.90 2007/04/16 13:01:39 moritz Exp $ */
/* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */
/*
@@ -188,18 +188,13 @@ policy_callback(char *name)
remote_filter_proto = local_filter_proto = "";
remote_id_proto = "";
- if (remote_filter != 0) {
- free(remote_filter);
- remote_filter = 0;
- }
- if (local_filter != 0) {
- free(local_filter);
- local_filter = 0;
- }
- if (remote_id != 0) {
- free(remote_id);
- remote_id = 0;
- }
+ free(remote_filter);
+ remote_filter = 0;
+ free(local_filter);
+ local_filter = 0;
+ free(remote_id);
+ remote_id = 0;
+
bzero(remote_ike_address, sizeof remote_ike_address);
bzero(local_ike_address, sizeof local_ike_address);
bzero(ah_life_kbytes, sizeof ah_life_kbytes);
@@ -1985,7 +1980,7 @@ policy_init(void)
/* Cleanup */
if (policy_asserts) {
for (fd = 0; fd < policy_asserts_num; fd++)
- if (policy_asserts && policy_asserts[fd])
+ if (policy_asserts)
free(policy_asserts[fd]);
free(policy_asserts);
diff --git a/sbin/isakmpd/sa.c b/sbin/isakmpd/sa.c
index 4e73b95ed5f..f8556a04a42 100644
--- a/sbin/isakmpd/sa.c
+++ b/sbin/isakmpd/sa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sa.c,v 1.110 2006/11/24 13:52:14 reyk Exp $ */
+/* $OpenBSD: sa.c,v 1.111 2007/04/16 13:01:39 moritz Exp $ */
/* $EOM: sa.c,v 1.112 2000/12/12 00:22:52 niklas Exp $ */
/*
@@ -766,8 +766,7 @@ proto_free(struct proto *proto)
}
if (proto->xf_cnt)
while ((pa = TAILQ_FIRST(&proto->xfs)) != NULL) {
- if (pa->attrs)
- free(pa->attrs);
+ free(pa->attrs);
TAILQ_REMOVE(&proto->xfs, pa, next);
free(pa);
}
@@ -837,10 +836,8 @@ sa_release(struct sa *sa)
sa->doi->free_sa_data(sa->data);
free(sa->data);
}
- if (sa->id_i)
- free(sa->id_i);
- if (sa->id_r)
- free(sa->id_r);
+ free(sa->id_i);
+ free(sa->id_r);
if (sa->recv_cert) {
handler = cert_get(sa->recv_certtype);
if (handler)
@@ -854,22 +851,18 @@ sa_release(struct sa *sa)
if (sa->recv_key)
key_free(sa->recv_keytype, ISAKMP_KEYTYPE_PUBLIC,
sa->recv_key);
- if (sa->keynote_key)
- free(sa->keynote_key); /* This is just a string */
+ free(sa->keynote_key); /* This is just a string */
if (sa->policy_id != -1)
kn_close(sa->policy_id);
- if (sa->name)
- free(sa->name);
- if (sa->keystate)
- free(sa->keystate);
+ free(sa->name);
+ free(sa->keystate);
if (sa->nat_t_keepalive)
timer_remove_event(sa->nat_t_keepalive);
if (sa->dpd_event)
timer_remove_event(sa->dpd_event);
if (sa->transport)
transport_release(sa->transport);
- if (sa->tag)
- free(sa->tag);
+ free(sa->tag);
free(sa);
}
@@ -1121,8 +1114,7 @@ sa_add_transform(struct sa *sa, struct payload *xf, int initiator,
cleanup:
if (!initiator) {
- if (proto->data)
- free(proto->data);
+ free(proto->data);
free(proto);
}
*protop = 0;
diff --git a/sbin/isakmpd/udp.c b/sbin/isakmpd/udp.c
index 8b4d939f495..be4aac1e7ac 100644
--- a/sbin/isakmpd/udp.c
+++ b/sbin/isakmpd/udp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: udp.c,v 1.93 2006/02/02 14:33:53 hshoexer Exp $ */
+/* $OpenBSD: udp.c,v 1.94 2007/04/16 13:01:39 moritz Exp $ */
/* $EOM: udp.c,v 1.57 2001/01/26 10:09:57 niklas Exp $ */
/*
@@ -359,10 +359,8 @@ udp_remove(struct transport *t)
struct udp_transport *u = (struct udp_transport *)t;
struct transport *p;
- if (u->src)
- free(u->src);
- if (u->dst)
- free(u->dst);
+ free(u->src);
+ free(u->dst);
if ((t->flags & TRANSPORT_LISTEN) && u->s >= 0)
close(u->s);
@@ -395,10 +393,8 @@ udp_report(struct transport *t)
LOG_DBG((LOG_REPORT, 0, "udp_report: fd %d src %s:%u dst %s:%u", u->s,
src, ntohs(sport), dst ? dst : "<none>", ntohs(dport)));
- if (dst)
- free(dst);
- if (src)
- free(src);
+ free(dst);
+ free(src);
}
/*
diff --git a/sbin/isakmpd/udp_encap.c b/sbin/isakmpd/udp_encap.c
index 54c4927f582..358e582dc9b 100644
--- a/sbin/isakmpd/udp_encap.c
+++ b/sbin/isakmpd/udp_encap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: udp_encap.c,v 1.20 2007/04/15 19:37:46 hshoexer Exp $ */
+/* $OpenBSD: udp_encap.c,v 1.21 2007/04/16 13:01:39 moritz Exp $ */
/*
* Copyright (c) 1998, 1999, 2001 Niklas Hallqvist. All rights reserved.
@@ -336,10 +336,8 @@ udp_encap_report(struct transport *t)
LOG_DBG ((LOG_REPORT, 0, "udp_encap_report: fd %d src %s:%u dst %s:%u",
u->s, src, ntohs(sport), dst ? dst : "*", ntohs(dport)));
- if (dst)
- free(dst);
- if (src)
- free(src);
+ free(dst);
+ free(src);
}
/*
diff --git a/sbin/isakmpd/ui.c b/sbin/isakmpd/ui.c
index 75a39a8f32a..291260ee6f2 100644
--- a/sbin/isakmpd/ui.c
+++ b/sbin/isakmpd/ui.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ui.c,v 1.52 2006/11/30 11:24:49 markus Exp $ */
+/* $OpenBSD: ui.c,v 1.53 2007/04/16 13:01:39 moritz Exp $ */
/* $EOM: ui.c,v 1.43 2000/10/05 09:25:12 niklas Exp $ */
/*
@@ -310,8 +310,7 @@ ui_config(char *cmd)
ret = v ?
asprintf(&nv, "%s,%s", v, vnode->field) :
asprintf(&nv, "%s", vnode->field);
- if (v)
- free(v);
+ free(v);
if (ret == -1) {
log_error("ui_config: malloc() failed");
if (trans)
diff --git a/sbin/isakmpd/vendor.c b/sbin/isakmpd/vendor.c
index 3e927c21f39..b1f49dfaaa9 100644
--- a/sbin/isakmpd/vendor.c
+++ b/sbin/isakmpd/vendor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vendor.c,v 1.3 2007/03/26 12:57:43 pedro Exp $ */
+/* $OpenBSD: vendor.c,v 1.4 2007/04/16 13:01:39 moritz Exp $ */
/*
* Copyright (c) 2006 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -68,8 +68,7 @@ setup_vendor_hashes(void)
errout:
for (i = 0; i < n; i++)
- if (openbsd_vendor_cap[i].hash)
- free(openbsd_vendor_cap[i].hash);
+ free(openbsd_vendor_cap[i].hash);
return -1;
}
diff --git a/sbin/isakmpd/virtual.c b/sbin/isakmpd/virtual.c
index 1a678917236..1b681edc4bc 100644
--- a/sbin/isakmpd/virtual.c
+++ b/sbin/isakmpd/virtual.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: virtual.c,v 1.27 2007/04/15 19:37:46 hshoexer Exp $ */
+/* $OpenBSD: virtual.c,v 1.28 2007/04/16 13:01:39 moritz Exp $ */
/*
* Copyright (c) 2004 Håkan Olsson. All rights reserved.
@@ -341,8 +341,7 @@ virtual_bind_if(char *ifname, struct sockaddr *if_addr, void *arg)
if_addr->sa_family == AF_INET ? "v4" :
(if_addr->sa_family == AF_INET6 ? "v6" : "<unknown>"),
addr_str ? addr_str : "<invalid>"));
- if (addr_str)
- free(addr_str);
+ free(addr_str);
/*
* Drop non-Internet stuff.
diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c
index b126e7a4f55..41cf05a69d2 100644
--- a/sbin/isakmpd/x509.c
+++ b/sbin/isakmpd/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.108 2007/03/03 20:03:03 tom Exp $ */
+/* $OpenBSD: x509.c,v 1.109 2007/04/16 13:01:39 moritz Exp $ */
/* $EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $ */
/*
@@ -434,12 +434,9 @@ x509_generate_kn(int id, X509 *cert)
return 1;
fail:
- if (buf)
- free(buf);
- if (skey)
- free(skey);
- if (ikey)
- free(ikey);
+ free(buf);
+ free(skey);
+ free(ikey);
if (key)
RSA_free(key);
@@ -1004,15 +1001,11 @@ x509_free_aca(void *blob)
{
struct x509_aca *aca = blob;
- if (aca->name1.type)
- free(aca->name1.type);
- if (aca->name1.val)
- free(aca->name1.val);
+ free(aca->name1.type);
+ free(aca->name1.val);
- if (aca->name2.type)
- free(aca->name2.type);
- if (aca->name2.val)
- free(aca->name2.val);
+ free(aca->name2.type);
+ free(aca->name2.val);
}
X509 *
@@ -1232,14 +1225,10 @@ x509_cert_get_subjects(void *scert, int *cnt, u_int8_t ***id,
fail:
for (i = 0; i < *cnt; i++)
- if ((*id)[i])
- free((*id)[i]);
- if (*id)
- free(*id);
- if (*id_len)
- free(*id_len);
- if (buf)
- free(buf);
+ free((*id)[i]);
+ free(*id);
+ free(*id_len);
+ free(buf);
return 0;
}