I won't claim to understand the lifetime of the various copies of c1.ks.auth_token_key made by code in init.c (to "to.auth_token_key" or "other contexts") - but it seems that these all are copying c1.ks.ssl_ctx as well - and if that can be safely free()'ed, the other one should be fine, too. I also checked that free_key_ctx() is safe to be used should we have no auth_token_key at all.
Your patch has been applied to the master and release/2.5 branch. release/2.4 does not have the offending code (no key-based tokens). I have only compile-tested 2.5 and master ("it should be fine"), but if not, the server-side test rig will find it later today... commit fe39156a386bf0dbe79abe43717c84843830e3c0 (master) commit 6471fd2ab1d07ad24c2c92e7fbda6bd645dd84c8 (release/2.5) Author: Arne Schwabe Date: Wed May 12 15:15:06 2021 +0200 Add missing free_key_ctx for auth_token Signed-off-by: Arne Schwabe <a...@rfc2549.org> Acked-by: Antonio Quartulli <anto...@openvpn.net> Message-Id: <20210512131511.1309914-5-a...@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22345.html Signed-off-by: Gert Doering <g...@greenie.muc.de> -- kind regards, Gert Doering _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel