open_tun_dco_generic already allocates the actual_name string; this shadows the allocation made in the FreeBSD/Linux-specific methods.
The HMAC leaks are just forgotten frees/deinitialisations. Found-By: clang with asan Patch v2: rebase. Include linux bits accidentially forgotten. Change-Id: I3c344af047abe94c0178bde1781eb450f10d157d Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
 src/openvpn/dco_freebsd.c | 1 -
 src/openvpn/dco_linux.c | 1 -
 src/openvpn/init.c | 2 ++
 src/openvpn/mudp.c | 1 +
 src/openvpn/ssl.c | 11 +++++++++++
 src/openvpn/ssl.h | 6 ++++++
 6 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index 92de5f04b..e605f2a9d 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -230,7 +230,6 @@ create_interface(struct tuntap *tt, const char *dev)
 }
 snprintf(tt->dco.ifname, IFNAMSIZ, "%s", ifr.ifr_data);
- tt->actual_name = string_alloc(tt->dco.ifname, NULL);
 /* see "Interface Flags" in ifnet(9) */
 int i = IFF_POINTOPOINT | IFF_MULTICAST;
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index 2b349529f..0f5fc48d9 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -457,7 +457,6 @@ open_tun_dco(struct tuntap *tt, openvpn_net_ctx_t *ctx, const char *dev)
 msg(M_FATAL, "DCO: cannot retrieve ifindex for interface %s", dev);
 }
- tt->actual_name = string_alloc(dev, NULL);
 tt->dco.dco_message_peer_id = -1;
 ovpn_dco_register(&tt->dco);
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 124ac76bd..e59edd742 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -3881,6 +3881,8 @@ do_close_tls(struct context *c)
 md_ctx_cleanup(c->c2.pulled_options_state);
 md_ctx_free(c->c2.pulled_options_state);
 }
+
+ tls_auth_standalone_free(c->c2.tls_auth_standalone);
 }
 /*
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 8698aefc8..813160639 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
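Review bot: In do_close_tls (src/openvpn/init.c) the added `tls_auth_standalone_free(c->c2.tls_auth_standalone);` leaves the pointer in place after its packet-id state has been released. If this context can reach do_close_tls a second time, or anything reads c->c2.tls_auth_standalone afterwards, it would operate on already-released state. Following the call with `c->c2.tls_auth_standalone = NULL;` turns a repeat pass into a no-op, since the new function accepts NULL. The body of do_close_tls starts above the hunk, so whether c2 is cleared elsewhere right after this is not visible here.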
@@ -61,6 +61,7 @@ send_hmac_reset_packet(struct multi_context *m,
 m->hmac_reply = c->c2.buffers->aux_buf;
 m->hmac_reply_dest = &m->top.c2.from;
 msg(D_MULTI_DEBUG, "Reset packet from client, sending HMAC based reset challenge");
+ free_buf(&buf);
 }
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 78cec90a1..fe6390fad 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1361,6 +1361,17 @@ tls_auth_standalone_init(struct tls_options *tls_options,
 return tas;
 }
+void
+tls_auth_standalone_free(struct tls_auth_standalone *tas)
+{
+ if (!tas)
+ {
+ return;
+ }
+
+ packet_id_free(&tas->tls_wrap.opt.packet_id);
+}
+
 /*
 * Set local and remote option compatibility strings.
 * Used to verify compatibility of local and remote option
diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h
index 58ff4b9b4..a050cd5c9 100644
--- a/src/openvpn/ssl.h
+++ b/src/openvpn/ssl.h
@@ -180,6 +180,12 @@ void tls_multi_init_finalize(struct tls_multi *multi, int tls_mtu);
 struct tls_auth_standalone *tls_auth_standalone_init(struct tls_options *tls_options, struct gc_arena *gc);
+/**
+ * Frees a standalone tls-auth verification object.
+ * @param tas the object to free. May be NULL.
+ */
+void tls_auth_standalone_free(struct tls_auth_standalone *tas);
+
 /*
 * Setups the control channel frame size parameters from the data channel
 * parameters
--
2.37.1 (Apple Git-137.1)
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
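Review bot: The added `free_buf(&buf);` in send_hmac_reset_packet (src/openvpn/mudp.c) sits on the last line before the closing brace, so it only covers the fall-through path. The function starts above the hunk, and any earlier return taken after buf is allocated would still leak it. It would also help to record why the release is safe: the visible lines take m->hmac_reply from c->c2.buffers->aux_buf rather than from buf. Assuming the reply is copied into aux_buf above the hunk, a comment such as `/* reply was copied to aux_buf; buf is only a temporary */` documents that hmac_reply never points into the freed buffer.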
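Review bot: tls_auth_standalone_free in src/openvpn/ssl.c releases only `tas->tls_wrap.opt.packet_id` and leaves the struct itself alone, while the doc comment added in src/openvpn/ssl.h says it "Frees a standalone tls-auth verification object". tls_auth_standalone_init takes a gc_arena, so the struct is presumably arena-owned, but a reader of the header cannot tell that the pointer is still non-NULL and still refers to a partly torn-down object after the call. I would reword the header comment to `Releases the packet-id state owned by a standalone tls-auth verification object; the object itself is not freed here.` and keep the `May be NULL` line.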