ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ikev2: fix cli memory leak

Browse Source 
Type: fix

Change-Id: Ibdd83fa336427ec0c66224ecebb1b6bd36d1d1ba
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 1f6a6b8b2b)
This commit is contained in:
Benoît Ganne
2020-09-30 18:35:27 +02:00
committed by Andrew Yourtchenko
parent 32c2b2ae60
commit 19b477f977
1 changed files with 40 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
src/plugins/ikev2/ikev2_cli.c
View File

@ -175,6 +175,23 @@ VLIB_CLI_COMMAND (show_ikev2_sa_command, static) = {
};
/* *INDENT-ON* */
static uword
unformat_ikev2_token (unformat_input_t * input, va_list * va)
{
u8 **string_return = va_arg (*va, u8 **);
const char *token_chars = "a-zA-Z0-9_";
if (*string_return)
{
/* if string_return was already allocated (eg. because of a previous
* partial match with a successful unformat_token()), we must free it
* before reusing the pointer, otherwise we'll be leaking memory
*/
vec_free (*string_return);
*string_return = 0;
}
return unformat_user (input, unformat_token, token_chars, string_return);
}
static clib_error_t *
ikev2_profile_add_del_command_fn (vlib_main_t * vm,
unformat_input_t * input,
@ -197,27 +214,23 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
ikev2_transform_integ_type_t integ_alg;
ikev2_transform_dh_type_t dh_type;
const char *valid_chars = "a-zA-Z0-9_";
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
if (unformat (line_input, "add %U", unformat_token, valid_chars, &name))
if (unformat (line_input, "add %U", unformat_ikev2_token, &name))
{
r = ikev2_add_del_profile (vm, name, 1);
goto done;
}
else
if (unformat
(line_input, "del %U", unformat_token, valid_chars, &name))
else if (unformat (line_input, "del %U", unformat_ikev2_token, &name))
{
r = ikev2_add_del_profile (vm, name, 0);
goto done;
}
else if (unformat (line_input, "set %U auth shared-key-mic string %v",
unformat_token, valid_chars, &name, &data))
unformat_ikev2_token, &name, &data))
{
r =
ikev2_set_profile_auth (vm, name,
@ -226,7 +239,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U auth shared-key-mic hex %U",
unformat_token, valid_chars, &name,
unformat_ikev2_token, &name,
unformat_hex_string, &data))
{
r =
@ -236,7 +249,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U auth rsa-sig cert-file %v",
unformat_token, valid_chars, &name, &data))
unformat_ikev2_token, &name, &data))
{
r =
ikev2_set_profile_auth (vm, name, IKEV2_AUTH_METHOD_RSA_SIG, data,
@ -244,7 +257,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U id local %U %U",
unformat_token, valid_chars, &name,
unformat_ikev2_token, &name,
unformat_ikev2_id_type, &id_type,
unformat_ip4_address, &ip4))
{
@ -255,7 +268,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U id local %U 0x%U",
unformat_token, valid_chars, &name,
unformat_ikev2_token, &name,
unformat_ikev2_id_type, &id_type,
unformat_hex_string, &data))
{
@ -264,7 +277,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U id local %U %v",
unformat_token, valid_chars, &name,
unformat_ikev2_token, &name,
unformat_ikev2_id_type, &id_type, &data))
{
r =
@ -272,7 +285,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U id remote %U %U",
unformat_token, valid_chars, &name,
unformat_ikev2_token, &name,
unformat_ikev2_id_type, &id_type,
unformat_ip4_address, &ip4))
{
@ -283,7 +296,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U id remote %U 0x%U",
unformat_token, valid_chars, &name,
unformat_ikev2_token, &name,
unformat_ikev2_id_type, &id_type,
unformat_hex_string, &data))
{
@ -292,7 +305,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U id remote %U %v",
unformat_token, valid_chars, &name,
unformat_ikev2_token, &name,
unformat_ikev2_id_type, &id_type, &data))
{
r = ikev2_set_profile_id (vm, name, (u8) id_type, data, /*remote */
@ -301,7 +314,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
}
else if (unformat (line_input, "set %U traffic-selector local "
"ip-range %U - %U port-range %u - %u protocol %u",
unformat_token, valid_chars, &name,
unformat_ikev2_token, &name,
unformat_ip4_address, &ip4,
unformat_ip4_address, &end_addr,
&tmp1, &tmp2, &tmp3))
@ -313,7 +326,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
}
else if (unformat (line_input, "set %U traffic-selector remote "
"ip-range %U - %U port-range %u - %u protocol %u",
unformat_token, valid_chars, &name,
unformat_ikev2_token, &name,
unformat_ip4_address, &ip4,
unformat_ip4_address, &end_addr,
&tmp1, &tmp2, &tmp3))
@ -324,7 +337,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U responder %U %U",
unformat_token, valid_chars, &name,
unformat_ikev2_token, &name,
unformat_vnet_sw_interface, vnm,
&responder_sw_if_index, unformat_ip4_address,
&responder_ip4))
@ -335,7 +348,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U tunnel %U",
unformat_token, valid_chars, &name,
unformat_ikev2_token, &name,
unformat_vnet_sw_interface, vnm, &tun_sw_if_index))
{
r = ikev2_set_profile_tunnel_interface (vm, name, tun_sw_if_index);
@ -345,7 +358,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
if (unformat
(line_input,
"set %U ike-crypto-alg %U %u ike-integ-alg %U ike-dh %U",
unformat_token, valid_chars, &name,
unformat_ikev2_token, &name,
unformat_ikev2_transform_encr_type, &crypto_alg, &tmp1,
unformat_ikev2_transform_integ_type, &integ_alg,
unformat_ikev2_transform_dh_type, &dh_type))
@ -359,7 +372,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
if (unformat
(line_input,
"set %U ike-crypto-alg %U %u ike-dh %U",
unformat_token, valid_chars, &name,
unformat_ikev2_token, &name,
unformat_ikev2_transform_encr_type, &crypto_alg, &tmp1,
unformat_ikev2_transform_dh_type, &dh_type))
{
@ -373,7 +386,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
if (unformat
(line_input,
"set %U esp-crypto-alg %U %u esp-integ-alg %U",
unformat_token, valid_chars, &name,
unformat_ikev2_token, &name,
unformat_ikev2_transform_encr_type, &crypto_alg, &tmp1,
unformat_ikev2_transform_integ_type, &integ_alg))
{
@ -385,7 +398,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
else if (unformat
(line_input,
"set %U esp-crypto-alg %U %u",
unformat_token, valid_chars, &name,
unformat_ikev2_token, &name,
unformat_ikev2_transform_encr_type, &crypto_alg, &tmp1))
{
r =
@ -393,7 +406,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U sa-lifetime %lu %u %u %lu",
unformat_token, valid_chars, &name,
unformat_ikev2_token, &name,
&tmp4, &tmp1, &tmp2, &tmp5))
{
r =
@ -401,13 +414,13 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U udp-encap",
unformat_token, valid_chars, &name))
unformat_ikev2_token, &name))
{
r = ikev2_set_profile_udp_encap (vm, name);
goto done;
}
else if (unformat (line_input, "set %U ipsec-over-udp port %u",
unformat_token, valid_chars, &name, &tmp1))
unformat_ikev2_token, &name, &tmp1))
{
int rv = ikev2_set_profile_ipsec_udp_port (vm, name, tmp1, 1);
if (rv)
@ -651,15 +664,12 @@ ikev2_initiate_command_fn (vlib_main_t * vm,
u32 tmp1;
u64 tmp2;
const char *valid_chars = "a-zA-Z0-9_";
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
if (unformat
(line_input, "sa-init %U", unformat_token, valid_chars, &name))
if (unformat (line_input, "sa-init %U", unformat_ikev2_token, &name))
{
r = ikev2_initiate_sa_init (vm, name);
goto done;