From 030929e25b6a2bd5290cfa6c0088de21db156f93 Mon Sep 17 00:00:00 2001
From: Jeffrey Hsu
Date: Sun, 3 Dec 2006 02:52:44 +0000
Subject: [PATCH] Apply FreeBSD rev 1.6: date: 2003-06-29 16:58:38 -0700; author: sam; state: Exp; lines: +13 -2; plug xform memory leaks: o add missing zeroize op when deleting an SA o don't re-initialize an xform for an SA that already has one Submitted by: Doug Ambrisko
---
 sys/netproto/ipsec/key.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/sys/netproto/ipsec/key.c b/sys/netproto/ipsec/key.c
index 7cf2b337e6..60b3d6d34c 100644
--- a/sys/netproto/ipsec/key.c
+++ b/sys/netproto/ipsec/key.c
@@ -1,5 +1,5 @@
 /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.1 2003/01/24 05:11:35 sam Exp $ */
-/* $DragonFly: src/sys/netproto/ipsec/key.c,v 1.21 2006/12/03 02:47:53 hsu Exp $ */
+/* $DragonFly: src/sys/netproto/ipsec/key.c,v 1.22 2006/12/03 02:52:44 hsu Exp $ */
 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
 /*
@@ -2649,13 +2649,24 @@ key_delsav(struct secasvar *sav)
 if (__LIST_CHAINED(sav)) LIST_REMOVE(sav, chain);
+ /*
+ * Cleanup xform state. Note that zeroize'ing causes the
+ * keys to be cleared; otherwise we must do it ourself.
+ */
+ if (sav->tdb_xform != NULL) {
+ sav->tdb_xform->xf_zeroize(sav);
+ sav->tdb_xform = NULL;
+ } else {
+ if (sav->key_auth != NULL)
+ bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
+ if (sav->key_enc != NULL)
+ bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
+ }
 if (sav->key_auth != NULL) {
- bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
 KFREE(sav->key_auth);
 sav->key_auth = NULL;
 }
 if (sav->key_enc != NULL) {
- bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
 KFREE(sav->key_enc);
 sav->key_enc = NULL;
 }
--
2.41.0
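Review bot: In the second hunk (key_delsav), once `sav->tdb_xform != NULL` the key buffers reach `KFREE` with no local clear, so wiping the key material depends entirely on every transform's `xf_zeroize` clearing both `key_auth` and `key_enc`; those implementations are not visible here, and a transform that clears only one of them (or neither) would leave key bytes in freed kernel memory. Keeping `bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));` directly before `KFREE(sav->key_auth);` (and the `key_enc` equivalent before its `KFREE`) makes the wipe unconditional at the cost of a redundant clear, and the `else` branch is then no longer needed. The call also assumes the `xf_zeroize` pointer is non-NULL and discards whatever it returns; if it can report failure, that deserves a check or at least a comment saying why it is ignored. key_delsav starts before and continues past this hunk.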