authorSam Leffler <sam@FreeBSD.org>2003-06-29 23:58:38 +0000
committerSam Leffler <sam@FreeBSD.org>2003-06-29 23:58:38 +0000
commit82a6d6aca5cb1b5ab8aeaa41f26f15da53e8a930 (patch)
tree9426ac0036997768ea1a1cd94ab8db49c94199a4 /sys/netipsec/key.c
parente5637075a35acd0f8c92e25eff5cec92328099c1 (diff)
plug xform memory leaks:
o add missing zeroize op when deleting an SA o don't re-initialize an xform for an SA that already has one Submitted by: Doug Ambrisko <ambrisko@verniernetworks.com> MFC after: 1 day
Notes
Notes: svn path=/head/; revision=117051
Diffstat (limited to 'sys/netipsec/key.c')
-rw-r--r--sys/netipsec/key.c15
1 files changed, 13 insertions, 2 deletions
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index de0362ef3ba1..9e6e09b2fa9b 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -2751,13 +2751,24 @@ key_delsav(sav)
if (__LIST_CHAINED(sav))
LIST_REMOVE(sav, chain);
+ /*
+ * Cleanup xform state. Note that zeroize'ing causes the
+ * keys to be cleared; otherwise we must do it ourself.
+ */
+ if (sav->tdb_xform != NULL) {
+ sav->tdb_xform->xf_zeroize(sav);
+ sav->tdb_xform = NULL;
+ } else {
+ if (sav->key_auth != NULL)
+ bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
+ if (sav->key_enc != NULL)
+ bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
+ }
if (sav->key_auth != NULL) {
- bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
KFREE(sav->key_auth);
sav->key_auth = NULL;
}
if (sav->key_enc != NULL) {
- bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
KFREE(sav->key_enc);
sav->key_enc = NULL;
}
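Review bot: When `sav->tdb_xform != NULL`, the key buffers are now wiped before `KFREE` only if that xform's `xf_zeroize` clears both `key_auth` and `key_enc`, because the two unconditional `bzero` calls in the free blocks were removed and the new `else` branch covers only the no-xform case. The zeroize implementations are not visible in this hunk, so an xform whose op clears only one key (or neither) would presumably hand the other buffer back to the allocator with the key material still in it. Keeping `bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));` directly ahead of `KFREE(sav->key_auth);`, and the matching line for `key_enc`, is redundant at worst and makes the `else` branch unnecessary; the later `!= NULL` checks imply that `xf_zeroize` leaves the buffers allocated, so the second wipe is safe. If the split is kept, the comment should state that clearing both keys is a required part of every `xf_zeroize` implementation. `key_delsav` starts before and continues past this hunk.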