CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/05/26 05:17:14
Modified files:
sbin/iked : ocsp.c
Log message:
iked: Avoid NULL-deref in ocsp_connect_finish()
Several error paths in ocsp_connect() can call ocsp_connect_finish()
with oc == NULL. This will result in a NULL-deref. To recover
gracefully the child requesting the OCSP file descriptor needs to
be notified, otherwise the stale request will exist in the child
forever. To accomplish this, provide struct iked_sahdr *sh directly
to ocsp_connect_finish() as a parameter. So sh is guaranteed to
be valid even when oc is NULL.
While there, avoid a potential double-free on oc_path when a strdup(3)
fails.
ok tobhe@
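
Added example, not part of the commit and not iked code: a minimal C model of the pattern the log message describes, where the finish routine receives sh as its own parameter so the requester can still be notified when oc is NULL. The struct layouts, connect_model(), the fail_at switch and the descriptor value are hypothetical stand-ins.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, not the iked definitions. */
struct sahdr { unsigned long long ispi, rspi; };
struct ocsp_conn { struct sahdr sh; char *path; };

static struct sahdr last_sh;   /* what the requesting child was told */
static int last_fd = -2;       /* -2: never notified */
static int notify_count;

/* sh arrives as its own parameter, so it is valid even when oc == NULL. */
static void connect_finish(const struct sahdr *sh, struct ocsp_conn *oc, int fd)
{
    last_sh = *sh;             /* models the reply to the child; never reads oc->sh */
    last_fd = fd;
    notify_count++;
    if (oc != NULL) {
        free(oc->path);        /* the only place path is freed */
        free(oc);
    }
}

/* fail_at: 0 = success, 1 = oc allocation fails, 2 = path copy fails. */
static int connect_model(const struct sahdr *sh, const char *path, int fail_at)
{
    struct ocsp_conn *oc = NULL;

    if (fail_at == 1 || (oc = calloc(1, sizeof(*oc))) == NULL)
        goto fail;             /* oc is still NULL here */
    oc->sh = *sh;
    /* malloc + strcpy stands in for strdup(3) */
    if (fail_at == 2 || (oc->path = malloc(strlen(path) + 1)) == NULL)
        goto fail;             /* path is NULL; nothing freed before cleanup */
    strcpy(oc->path, path);
    connect_finish(sh, oc, 3); /* 3: constructed descriptor value */
    return 0;
fail:
    connect_finish(sh, oc, -1);
    return -1;
}

int main(void)
{
    struct sahdr sh = { 0x1111ULL, 0x2222ULL };   /* constructed SPIs */
    return connect_model(&sh, "/constructed/ocsp", 1) == -1 && last_fd == -1 ? 0 : 1;
}
```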