If tls_crypt_unwrap() failed, we would jump to cleanup and forget to free
the buffer.  Instead, allocate the buffer through gc, which is freed in
the cleanup section.

Signed-off-by: Steffan Karger <stef...@karger.me>
---
 src/openvpn/ssl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 2a476800..806172ea 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1534,7 +1534,7 @@ read_control_auth(struct buffer *buf,
     }
     else if (ctx->mode == TLS_WRAP_CRYPT)
     {
-        struct buffer tmp = alloc_buf(buf_forward_capacity_total(buf));
+        struct buffer tmp = alloc_buf_gc(buf_forward_capacity_total(buf), &gc);
         if (!tls_crypt_unwrap(buf, &tmp, &ctx->opt))
         {
             msg(D_TLS_ERRORS, "TLS Error: tls-crypt unwrapping failed from %s",
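Review bot: The failure branch opened by `if (!tls_crypt_unwrap(buf, &tmp, &ctx->opt))` leaves `tmp` unwiped, because `buf_clear(&tmp)` is only reached on the success path further down and the commit message says this branch jumps straight to cleanup. If tls_crypt_unwrap() can write decrypted bytes into `tmp` before it rejects the packet (not visible here), those bytes would remain in heap memory after gc releases the allocation, assuming gc_free() does not zero what it frees. Adding `buf_clear(&tmp);` before the jump in this branch would make both exits treat the buffer the same way. The branch body and the rest of read_control_auth() continue outside this hunk.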
@@ -1543,7 +1543,7 @@ read_control_auth(struct buffer *buf,
         }
         ASSERT(buf_init(buf, buf->offset));
         ASSERT(buf_copy(buf, &tmp));
-        free_buf(&tmp);
+        buf_clear(&tmp);
     }
 
     if (ctx->mode == TLS_WRAP_NONE || ctx->mode == TLS_WRAP_AUTH)
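Review bot: `buf_clear(&tmp);` replaces `free_buf(&tmp);` with no comment, so a later reader may take it for a leftover and delete it, or look in vain for where the buffer is freed. A comment above it such as `/* wipe unwrapped control-channel data; the memory itself is released by gc in cleanup */` would record both facts. This assumes buf_clear() zeroes the buffer contents, which the hunk does not show. read_control_auth() starts and ends outside the hunk.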
-- 
2.11.0

