From ecdf68be13018fd974bcb3435f70e911bb87306a Mon Sep 17 00:00:00 2001 From: tobhe Date: Tue, 7 Sep 2021 14:09:04 +0000 Subject: [PATCH] Fix leak of msg_cert.id_buf. ikev2_msg_cleanup() frees id_buf if we don't delete the pointer. ok markus@ --- sbin/iked/ikev2.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c index 5cbe1c4a935..833c2875825 100644 --- a/sbin/iked/ikev2.c +++ b/sbin/iked/ikev2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2.c,v 1.326 2021/09/01 15:30:06 tobhe Exp $ */ +/* $OpenBSD: ikev2.c,v 1.327 2021/09/07 14:09:04 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider @@ -1019,7 +1019,6 @@ ikev2_ike_auth_recv(struct iked *env, struct iked_sa *sa, certtype = msg->msg_cert.id_type; cert = ibuf_data(msg->msg_cert.id_buf); certlen = ibuf_length(msg->msg_cert.id_buf); - bzero(&msg->msg_cert, sizeof(msg->msg_cert)); } sa->sa_stateflags &= ~IKED_REQ_CERTVALID; if (ca_setcert(env, &sa->sa_hdr, id, certtype, cert, certlen, PROC_CERT) == -1) -- 2.20.1