author | Sam Leffler <sam@FreeBSD.org> | 2003-06-29 23:58:38 +0000 |
---|---|---|
committer | Sam Leffler <sam@FreeBSD.org> | 2003-06-29 23:58:38 +0000 |
commit | 82a6d6aca5cb1b5ab8aeaa41f26f15da53e8a930 (patch) | |
tree | 9426ac0036997768ea1a1cd94ab8db49c94199a4 /sys/netipsec/key.c | |
parent | e5637075a35acd0f8c92e25eff5cec92328099c1 (diff) | |
plug xform memory leaks:
o add missing zeroize op when deleting an SA
o don't re-initialize an xform for an SA that already has one
Submitted by: Doug Ambrisko <ambrisko@verniernetworks.com>
MFC after: 1 day
Notes
Notes:
svn path=/head/; revision=117051
Diffstat (limited to 'sys/netipsec/key.c')
-rw-r--r-- | sys/netipsec/key.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index de0362ef3ba1..9e6e09b2fa9b 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -2751,13 +2751,24 @@ key_delsav(sav)
 if (__LIST_CHAINED(sav))
 LIST_REMOVE(sav, chain);
+ /*
+ * Cleanup xform state. Note that zeroize'ing causes the
+ * keys to be cleared; otherwise we must do it ourself.
+ */
+ if (sav->tdb_xform != NULL) {
+ sav->tdb_xform->xf_zeroize(sav);
+ sav->tdb_xform = NULL;
+ } else {
+ if (sav->key_auth != NULL)
+ bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
+ if (sav->key_enc != NULL)
+ bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
+ }
 if (sav->key_auth != NULL) {
- bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
 KFREE(sav->key_auth);
 sav->key_auth = NULL;
 }
 if (sav->key_enc != NULL) {
- bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
 KFREE(sav->key_enc);
 sav->key_enc = NULL;
 }
|
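Review bot: Clearing key_auth and key_enc before KFREE now depends on every xform's xf_zeroize wiping both buffers, because the unconditional bzero calls in the two free blocks at the end of the hunk were removed and only the else branch still clears the keys directly. The xform implementations are not visible here, so if any of them clears only one key, or none, key material would remain in freed kernel memory. The bzero is cheap and harmless to repeat, so I would keep `bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));` ahead of `KFREE(sav->key_auth);` and the matching call for key_enc, leaving xf_zeroize responsible only for xform-private state. The call through `sav->tdb_xform->xf_zeroize` also assumes that pointer is always populated, which deserves a comment if it is a guaranteed invariant. key_delsav starts and ends outside this hunk.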