From: tb <tb@openbsd.org>
Date: Mon, 13 Dec 2021 19:46:22 +0000 (+0000)
Subject: Fix a few leaks due to X509_NAME_oneline(name, NULL, 0) dynamically
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=94329b3afb112bc684ba4ddfeb7648daac1e3a7e;p=openbsd

Fix a few leaks due to X509_NAME_oneline(name, NULL, 0) dynamically
allocating a buffer.

ok tobhe
---

diff --git a/sbin/iked/ca.c b/sbin/iked/ca.c
index b06247136f9..e1d457f8935 100644
--- a/sbin/iked/ca.c
+++ b/sbin/iked/ca.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ca.c,v 1.84 2021/12/13 17:35:34 tobhe Exp $	*/
+/*	$OpenBSD: ca.c,v 1.85 2021/12/13 19:46:22 tb Exp $	*/
 
 /*
  * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -610,6 +610,7 @@ ca_getreq(struct iked *env, struct imsg *imsg)
 			if (subj_name == NULL)
 				return (-1);
 			log_debug("%s: found CA %s", __func__, subj_name);
+			free(subj_name);
 
 			if ((cert = ca_by_issuer(store->ca_certs,
 			    subj, &id)) != NULL) {
@@ -666,6 +667,7 @@ ca_getreq(struct iked *env, struct imsg *imsg)
 			return (-1);
 		log_debug("%s: found local certificate %s", __func__,
 		    subj_name);
+		free(subj_name);
 
 		if ((buf = ca_x509_serialize(cert)) == NULL)
 			return (-1);
@@ -840,6 +842,7 @@ ca_reload(struct iked *env)
 		if (subj_name == NULL)
 			return (-1);
 		log_debug("%s: %s", __func__, subj_name);
+		free(subj_name);
 
 		if (ibuf_add(env->sc_certreq, md, len) != 0) {
 			ibuf_release(env->sc_certreq);
@@ -1730,6 +1733,7 @@ ca_validate_cert(struct iked *env, struct iked_static_id *id,
 		if (subj_name == NULL)
 			goto err;
 		log_debug("%s: %s %.100s", __func__, subj_name, errstr);
+		free(subj_name);
 	}
  err: