Tue May 16 07:43:50 2017 UTC ()
Fix memory leaks of sah->idents and sah->identd

Originally fixed by the SEIL team of IIJ


(ozaki-r)
diff -r1.128 -r1.129 src/sys/netipsec/key.c
cvs diff -r1.128 -r1.129 src/sys/netipsec/key.c (expand / switch to unified diff)

--- src/sys/netipsec/key.c 2017/05/16 07:25:57 1.128
+++ src/sys/netipsec/key.c 2017/05/16 07:43:50 1.129
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: key.c,v 1.128 2017/05/16 07:25:57 ozaki-r Exp $ */ 1/* $NetBSD: key.c,v 1.129 2017/05/16 07:43:50 ozaki-r Exp $ */
2/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ 2/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
3/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 3/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
4 4
5/* 5/*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved. 7 * All rights reserved.
8 * 8 *
9 * Redistribution and use in source and binary forms, with or without 9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions 10 * modification, are permitted provided that the following conditions
11 * are met: 11 * are met:
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright 14 * 2. Redistributions in binary form must reproduce the above copyright
@@ -22,27 +22,27 @@ @@ -22,27 +22,27 @@
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE. 31 * SUCH DAMAGE.
32 */ 32 */
33 33
34#include <sys/cdefs.h> 34#include <sys/cdefs.h>
35__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.128 2017/05/16 07:25:57 ozaki-r Exp $"); 35__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.129 2017/05/16 07:43:50 ozaki-r Exp $");
36 36
37/* 37/*
38 * This code is referd to RFC 2367 38 * This code is referd to RFC 2367
39 */ 39 */
40 40
41#if defined(_KERNEL_OPT) 41#if defined(_KERNEL_OPT)
42#include "opt_inet.h" 42#include "opt_inet.h"
43#include "opt_ipsec.h" 43#include "opt_ipsec.h"
44#include "opt_gateway.h" 44#include "opt_gateway.h"
45#endif 45#endif
46 46
47#include <sys/types.h> 47#include <sys/types.h>
48#include <sys/param.h> 48#include <sys/param.h>
@@ -2919,26 +2919,31 @@ key_delsah(struct secashead *sah) @@ -2919,26 +2919,31 @@ key_delsah(struct secashead *sah)
2919 2919
2920 /* don't delete sah only if there are savs. */ 2920 /* don't delete sah only if there are savs. */
2921 if (zombie) { 2921 if (zombie) {
2922 splx(s); 2922 splx(s);
2923 return; 2923 return;
2924 } 2924 }
2925 2925
2926 rtcache_free(&sah->sa_route); 2926 rtcache_free(&sah->sa_route);
2927 2927
2928 /* remove from tree of SA index */ 2928 /* remove from tree of SA index */
2929 if (__LIST_CHAINED(sah)) 2929 if (__LIST_CHAINED(sah))
2930 LIST_REMOVE(sah, chain); 2930 LIST_REMOVE(sah, chain);
2931 2931
 2932 if (sah->idents != NULL)
 2933 KFREE(sah->idents);
 2934 if (sah->identd != NULL)
 2935 KFREE(sah->identd);
 2936
2932 kmem_free(sah, sizeof(*sah)); 2937 kmem_free(sah, sizeof(*sah));
2933 2938
2934 splx(s); 2939 splx(s);
2935 return; 2940 return;
2936} 2941}
2937 2942
2938/* 2943/*
2939 * allocating a new SA with LARVAL state. key_add() and key_getspi() call, 2944 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
2940 * and copy the values of mhp into new buffer. 2945 * and copy the values of mhp into new buffer.
2941 * When SAD message type is GETSPI: 2946 * When SAD message type is GETSPI:
2942 * to set sequence number from acq_seq++, 2947 * to set sequence number from acq_seq++,
2943 * to set zero to SPI. 2948 * to set zero to SPI.
2944 * not to call key_setsava(). 2949 * not to call key_setsava().
@@ -5561,26 +5566,38 @@ key_add(struct socket *so, struct mbuf * @@ -5561,26 +5566,38 @@ key_add(struct socket *so, struct mbuf *
5561/* m is retained */ 5566/* m is retained */
5562static int 5567static int
5563key_setident(struct secashead *sah, struct mbuf *m, 5568key_setident(struct secashead *sah, struct mbuf *m,
5564 const struct sadb_msghdr *mhp) 5569 const struct sadb_msghdr *mhp)
5565{ 5570{
5566 const struct sadb_ident *idsrc, *iddst; 5571 const struct sadb_ident *idsrc, *iddst;
5567 int idsrclen, iddstlen; 5572 int idsrclen, iddstlen;
5568 5573
5569 KASSERT(sah != NULL); 5574 KASSERT(sah != NULL);
5570 KASSERT(m != NULL); 5575 KASSERT(m != NULL);
5571 KASSERT(mhp != NULL); 5576 KASSERT(mhp != NULL);
5572 KASSERT(mhp->msg != NULL); 5577 KASSERT(mhp->msg != NULL);
5573 5578
 5579 /*
 5580 * Can be called with an existing sah from key_update().
 5581 */
 5582 if (sah->idents != NULL) {
 5583 KFREE(sah->idents);
 5584 sah->idents = NULL;
 5585 }
 5586 if (sah->identd != NULL) {
 5587 KFREE(sah->identd);
 5588 sah->identd = NULL;
 5589 }
 5590
5574 /* don't make buffer if not there */ 5591 /* don't make buffer if not there */
5575 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL && 5592 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
5576 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) { 5593 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
5577 sah->idents = NULL; 5594 sah->idents = NULL;
5578 sah->identd = NULL; 5595 sah->identd = NULL;
5579 return 0; 5596 return 0;
5580 } 5597 }
5581 5598
5582 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL || 5599 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL ||
5583 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) { 5600 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
5584 ipseclog((LOG_DEBUG, "key_setident: invalid identity.\n")); 5601 ipseclog((LOG_DEBUG, "key_setident: invalid identity.\n"));
5585 return EINVAL; 5602 return EINVAL;
5586 } 5603 }