ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ikev2: fix memory leaks

Browse Source 
Type: fix

Change-Id: I5be19a4923b37e2636621d36155178ac348ee41c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit a8af7cf253c4e8ab9ba1a2cfed50f6236fea3a62)
This commit is contained in:
Benoît Ganne
2020-09-17 17:08:07 +02:00
committed by Beno�t Ganne
parent 6cb106314b
commit db17fa2fb8
2 changed files with 21 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/plugins/ikev2/ikev2.c
View File

@ -3210,6 +3210,8 @@ ikev2_set_local_key (vlib_main_t * vm, u8 * file)
{ {
ikev2_main_t *km = &ikev2_main; ikev2_main_t *km = &ikev2_main;
if (km->pkey)
EVP_PKEY_free (km->pkey);
km->pkey = ikev2_load_key_file (file); km->pkey = ikev2_load_key_file (file);
if (km->pkey == NULL) if (km->pkey == NULL)
return clib_error_return (0, "load key '%s' failed", file); return clib_error_return (0, "load key '%s' failed", file);
@ -3358,6 +3360,19 @@ ikev2_cleanup_profile_sessions (ikev2_main_t * km, ikev2_profile_t * p)
vec_free (del_sai); vec_free (del_sai);
} }
static void
ikev2_profile_free (ikev2_profile_t * p)
{
vec_free (p->name);
vec_free (p->auth.data);
if (p->auth.key)
EVP_PKEY_free (p->auth.key);
vec_free (p->loc_id.data);
vec_free (p->rem_id.data);
}
clib_error_t * clib_error_t *
ikev2_add_del_profile (vlib_main_t * vm, u8 * name, int is_add) ikev2_add_del_profile (vlib_main_t * vm, u8 * name, int is_add)
{ {
@ -3387,7 +3402,7 @@ ikev2_add_del_profile (vlib_main_t * vm, u8 * name, int is_add)
ikev2_unregister_udp_port (p); ikev2_unregister_udp_port (p);
ikev2_cleanup_profile_sessions (km, p); ikev2_cleanup_profile_sessions (km, p);
vec_free (p->name); ikev2_profile_free (p);
pool_put (km->profiles, p); pool_put (km->profiles, p);
mhash_unset (&km->profile_index_by_name, name, 0); mhash_unset (&km->profile_index_by_name, name, 0);
} }
@ -3408,7 +3423,11 @@ ikev2_set_profile_auth (vlib_main_t * vm, u8 * name, u8 auth_method,
r = clib_error_return (0, "unknown profile %v", name); r = clib_error_return (0, "unknown profile %v", name);
return r; return r;
} }
if (p->auth.key)
EVP_PKEY_free (p->auth.key);
vec_free (p->auth.data); vec_free (p->auth.data);
p->auth.method = auth_method; p->auth.method = auth_method;
p->auth.data = vec_dup (auth_data); p->auth.data = vec_dup (auth_data);
p->auth.hex = data_hex_format; p->auth.hex = data_hex_format;
@ -3416,8 +3435,6 @@ ikev2_set_profile_auth (vlib_main_t * vm, u8 * name, u8 auth_method,
if (auth_method == IKEV2_AUTH_METHOD_RSA_SIG) if (auth_method == IKEV2_AUTH_METHOD_RSA_SIG)
{ {
vec_add1 (p->auth.data, 0); vec_add1 (p->auth.data, 0);
if (p->auth.key)
EVP_PKEY_free (p->auth.key);
p->auth.key = ikev2_load_cert_file (p->auth.data); p->auth.key = ikev2_load_cert_file (p->auth.data);
if (p->auth.key == NULL) if (p->auth.key == NULL)
return clib_error_return (0, "load cert '%s' failed", p->auth.data); return clib_error_return (0, "load cert '%s' failed", p->auth.data);

1
src/plugins/ikev2/ikev2_crypto.c
View File

@ -828,6 +828,7 @@ ikev2_load_cert_file (u8 * file)
} }
pkey = X509_get_pubkey (x509); pkey = X509_get_pubkey (x509);
X509_free (x509);
if (pkey == NULL) if (pkey == NULL)
ikev2_log_error ("get pubkey %s failed", file); ikev2_log_error ("get pubkey %s failed", file);