summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorBenoît Ganne <bganne@cisco.com>2020-09-10 13:54:49 +0200
committerAndrew Yourtchenko <ayourtch@gmail.com>2020-09-15 08:35:37 +0000
commitc13aab8ca1d6fcf0e662628433cafda85dc591bd (patch)
treec996f20f93609e086e73de3081705e7b4244dfe2 /src
parentcb94290d5f5aeec35ea3015ce19ac246b8479046 (diff)
ikev2: fix memory leaks
- make sure everything is freed on cleanup - reuse already allocated vectors where possible Type: fix Change-Id: Ibd8da1edb37126522dc2d525596521d32dceb73a Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit 730cec8c0697627cc1fb6a34acd094c77ba07622)
Diffstat (limited to 'src')
-rw-r--r--src/plugins/ikev2/ikev2.c27
1 files changed, 20 insertions, 7 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index a9e78a3dfc3..57eea010109 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -296,9 +296,12 @@ static void
ikev2_sa_free_all_vec (ikev2_sa_t * sa)
{
vec_free (sa->i_nonce);
- vec_free (sa->i_dh_data);
+ vec_free (sa->r_nonce);
+
vec_free (sa->dh_shared_key);
vec_free (sa->dh_private_key);
+ vec_free (sa->i_dh_data);
+ vec_free (sa->r_dh_data);
ikev2_sa_free_proposal_vector (&sa->r_proposals);
ikev2_sa_free_proposal_vector (&sa->i_proposals);
@@ -312,14 +315,24 @@ ikev2_sa_free_all_vec (ikev2_sa_t * sa)
vec_free (sa->sk_pr);
vec_free (sa->i_id.data);
- vec_free (sa->i_auth.data);
vec_free (sa->r_id.data);
+
+ vec_free (sa->i_auth.data);
+ if (sa->r_auth.key)
+ EVP_PKEY_free (sa->i_auth.key);
vec_free (sa->r_auth.data);
if (sa->r_auth.key)
EVP_PKEY_free (sa->r_auth.key);
vec_free (sa->del);
+ vec_free (sa->rekey);
+
+ vec_free (sa->last_sa_init_req_packet_data);
+ vec_free (sa->last_sa_init_res_packet_data);
+
+ vec_free (sa->last_res_packet_data);
+
ikev2_sa_free_all_child_sa (&sa->childs);
}
@@ -641,7 +654,7 @@ ikev2_process_sa_init_req (vlib_main_t * vm, ikev2_sa_t * sa,
sa->ispi = clib_net_to_host_u64 (ike->ispi);
/* store whole IKE payload - needed for PSK auth */
- vec_free (sa->last_sa_init_req_packet_data);
+ vec_reset_length (sa->last_sa_init_req_packet_data);
vec_add (sa->last_sa_init_req_packet_data, ike, len);
while (p < len && payload != IKEV2_PAYLOAD_NONE)
@@ -743,7 +756,7 @@ ikev2_process_sa_init_resp (vlib_main_t * vm, ikev2_sa_t * sa,
sa->raddr.as_u32);
/* store whole IKE payload - needed for PSK auth */
- vec_free (sa->last_sa_init_res_packet_data);
+ vec_reset_length (sa->last_sa_init_res_packet_data);
vec_add (sa->last_sa_init_res_packet_data, ike, len);
while (p < len && payload != IKEV2_PAYLOAD_NONE)
@@ -2323,7 +2336,7 @@ ikev2_generate_message (ikev2_sa_t * sa, ike_header_t * ike, void *user,
clib_memcpy_fast (ike->payload, chain->data, vec_len (chain->data));
/* store whole IKE payload - needed for PSK auth */
- vec_free (sa->last_sa_init_res_packet_data);
+ vec_reset_length (sa->last_sa_init_res_packet_data);
vec_add (sa->last_sa_init_res_packet_data, ike, tlen);
}
else
@@ -2372,7 +2385,7 @@ ikev2_generate_message (ikev2_sa_t * sa, ike_header_t * ike, void *user,
}
/* store whole IKE payload - needed for retransmit */
- vec_free (sa->last_res_packet_data);
+ vec_reset_length (sa->last_res_packet_data);
vec_add (sa->last_res_packet_data, ike, tlen);
}
@@ -3780,7 +3793,7 @@ ikev2_initiate_sa_init (vlib_main_t * vm, u8 * name)
ike0->msgid = 0;
/* store whole IKE payload - needed for PSK auth */
- vec_free (sa.last_sa_init_req_packet_data);
+ vec_reset_length (sa.last_sa_init_req_packet_data);
vec_add (sa.last_sa_init_req_packet_data, ike0, len);
/* add data to the SA then add it to the pool */