From: tb <tb@openbsd.org>
Date: Tue, 28 Mar 2023 16:32:42 +0000 (+0000)
Subject: Avoid double free in isakmpd
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=822916020a4c2b9a03d609cd1679d54dfd0e46ab;p=openbsd

Avoid double free in isakmpd

In the unlikely event that EC_KEY_check_key() in ec_init() fails,
group->ec would be freed first in ec_init() then in group_free().

Same problem was fixed in iked/dh.c r1.31 (where it originally came
from).

ok jsg mbuhl
---

diff --git a/sbin/isakmpd/dh.c b/sbin/isakmpd/dh.c
index ac436797e59..78d9e491015 100644
--- a/sbin/isakmpd/dh.c
+++ b/sbin/isakmpd/dh.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: dh.c,v 1.25 2022/01/14 09:19:19 tb Exp $	*/
+/*	$OpenBSD: dh.c,v 1.26 2023/03/28 16:32:42 tb Exp $	*/
 
 /*
  * Copyright (c) 2010-2014 Reyk Floeter <reyk@openbsd.org>
@@ -420,10 +420,8 @@ ec_init(struct group *group)
 		return (-1);
 	if (!EC_KEY_generate_key(group->ec))
 		return (-1);
-	if (!EC_KEY_check_key(group->ec)) {
-		EC_KEY_free(group->ec);
+	if (!EC_KEY_check_key(group->ec))
 		return (-1);
-	}
 	return (0);
 }