From: tb <tb@openbsd.org>
Date: Mon, 13 Dec 2021 18:06:56 +0000 (+0000)
Subject: Avoid a potential double free in group_free()
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=ae5d40d61be697d11b976d3cc1df9f33783df2e5;p=openbsd

Avoid a potential double free in group_free()

In the unlikely event that EC_KEY_check_key() in ec_init() fails,
the group would be freed twice: once in ec_init(), and later in
group_free().

ok tobhe
---

diff --git a/sbin/iked/dh.c b/sbin/iked/dh.c
index ff3126e5147..8c46e1b60e3 100644
--- a/sbin/iked/dh.c
+++ b/sbin/iked/dh.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: dh.c,v 1.30 2021/11/29 06:43:42 deraadt Exp $	*/
+/*	$OpenBSD: dh.c,v 1.31 2021/12/13 18:06:56 tb Exp $	*/
 
 /*
  * Copyright (c) 2010-2014 Reyk Floeter <reyk@openbsd.org>
@@ -513,10 +513,8 @@ ec_init(struct dh_group *group)
 		return (-1);
 	if (!EC_KEY_generate_key(group->ec))
 		return (-1);
-	if (!EC_KEY_check_key(group->ec)) {
-		EC_KEY_free(group->ec);
+	if (!EC_KEY_check_key(group->ec))
 		return (-1);
-	}
 	return (0);
 }