pluto: Fixed potential memory leak when processing requested virtual IPs.
parent
267d47d6f2
commit
809750d72b
|
@ -120,9 +120,10 @@ static void get_attributes(connection_t *c, linked_list_t *ca_list)
|
||||||
int family;
|
int family;
|
||||||
|
|
||||||
family = (ca->type == INTERNAL_IP4_ADDRESS) ? AF_INET : AF_INET6;
|
family = (ca->type == INTERNAL_IP4_ADDRESS) ? AF_INET : AF_INET6;
|
||||||
|
DESTROY_IF(requested_vip);
|
||||||
requested_vip = (ca->value.len) ?
|
requested_vip = (ca->value.len) ?
|
||||||
host_create_from_chunk(family, ca->value, 0) :
|
host_create_from_chunk(family, ca->value, 0) :
|
||||||
host_create_any(family);
|
host_create_any(family);
|
||||||
plog("peer requested virtual IP %H", requested_vip);
|
plog("peer requested virtual IP %H", requested_vip);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -166,7 +167,7 @@ static void get_attributes(connection_t *c, linked_list_t *ca_list)
|
||||||
requested_vip->destroy(requested_vip);
|
requested_vip->destroy(requested_vip);
|
||||||
|
|
||||||
/* if we have a virtual IP address - send it */
|
/* if we have a virtual IP address - send it */
|
||||||
if (!c->spd.that.host_srcip->is_anyaddr(c->spd.that.host_srcip))
|
if (!c->spd.that.host_srcip->is_anyaddr(c->spd.that.host_srcip))
|
||||||
{
|
{
|
||||||
vip = c->spd.that.host_srcip;
|
vip = c->spd.that.host_srcip;
|
||||||
plog("assigning virtual IP %H to peer", vip);
|
plog("assigning virtual IP %H to peer", vip);
|
||||||
|
@ -179,7 +180,7 @@ static void get_attributes(connection_t *c, linked_list_t *ca_list)
|
||||||
|
|
||||||
/* set the remote client subnet to virtual IP */
|
/* set the remote client subnet to virtual IP */
|
||||||
c->spd.that.client.addr = *(ip_address*)vip->get_sockaddr(vip);
|
c->spd.that.client.addr = *(ip_address*)vip->get_sockaddr(vip);
|
||||||
c->spd.that.client.maskbits = (family == AF_INET) ? 32 : 128;
|
c->spd.that.client.maskbits = (family == AF_INET) ? 32 : 128;
|
||||||
c->spd.that.has_client = TRUE;
|
c->spd.that.has_client = TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -264,8 +265,8 @@ static bool set_attributes(connection_t *c, linked_list_t *ca_list)
|
||||||
setportof(0, &c->spd.this.client.addr);
|
setportof(0, &c->spd.this.client.addr);
|
||||||
c->spd.this.has_client = TRUE;
|
c->spd.this.has_client = TRUE;
|
||||||
|
|
||||||
vip_set = TRUE;
|
vip_set = TRUE;
|
||||||
}
|
}
|
||||||
continue;
|
continue;
|
||||||
case APPLICATION_VERSION:
|
case APPLICATION_VERSION:
|
||||||
#ifdef CISCO_QUIRKS
|
#ifdef CISCO_QUIRKS
|
||||||
|
@ -420,7 +421,7 @@ static stf_status modecfg_build_msg(struct state *st, pb_stream *rbody,
|
||||||
}
|
}
|
||||||
enumerator->destroy(enumerator);
|
enumerator->destroy(enumerator);
|
||||||
close_output_pbs(&strattr);
|
close_output_pbs(&strattr);
|
||||||
|
|
||||||
modecfg_hash(r_hashval, r_hash_start, rbody->cur, st);
|
modecfg_hash(r_hashval, r_hash_start, rbody->cur, st);
|
||||||
close_message(rbody);
|
close_message(rbody);
|
||||||
encrypt_message(rbody, st);
|
encrypt_message(rbody, st);
|
||||||
|
@ -653,7 +654,7 @@ static stf_status modecfg_parse_msg(struct msg_digest *md, int isama_type,
|
||||||
ca_list->destroy_function(ca_list, (void*)modecfg_attribute_destroy);
|
ca_list->destroy_function(ca_list, (void*)modecfg_attribute_destroy);
|
||||||
return stat;
|
return stat;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* discard the parsed attributes and look for another payload */
|
/* discard the parsed attributes and look for another payload */
|
||||||
while (ca_list->remove_last(ca_list, (void **)&ca) == SUCCESS) {}
|
while (ca_list->remove_last(ca_list, (void **)&ca) == SUCCESS) {}
|
||||||
}
|
}
|
||||||
|
@ -670,7 +671,7 @@ stf_status modecfg_send_request(struct state *st)
|
||||||
{
|
{
|
||||||
connection_t *c = st->st_connection;
|
connection_t *c = st->st_connection;
|
||||||
stf_status stat;
|
stf_status stat;
|
||||||
modecfg_attribute_t *ca;
|
modecfg_attribute_t *ca;
|
||||||
enumerator_t *enumerator;
|
enumerator_t *enumerator;
|
||||||
int family;
|
int family;
|
||||||
chunk_t value;
|
chunk_t value;
|
||||||
|
@ -685,7 +686,7 @@ stf_status modecfg_send_request(struct state *st)
|
||||||
value);
|
value);
|
||||||
ca_list->insert_last(ca_list, ca);
|
ca_list->insert_last(ca_list, ca);
|
||||||
|
|
||||||
register_attribute_handlers(c);
|
register_attribute_handlers(c);
|
||||||
enumerator = c->requested->create_enumerator(c->requested);
|
enumerator = c->requested->create_enumerator(c->requested);
|
||||||
while (enumerator->enumerate(enumerator, &ca))
|
while (enumerator->enumerate(enumerator, &ca))
|
||||||
{
|
{
|
||||||
|
@ -800,7 +801,7 @@ stf_status modecfg_send_set(struct state *st)
|
||||||
* Used in ModeCfg push mode on the client (initiator)
|
* Used in ModeCfg push mode on the client (initiator)
|
||||||
* called in demux.c from STATE_MODE_CFG_I0
|
* called in demux.c from STATE_MODE_CFG_I0
|
||||||
* client <- CFG_SET
|
* client <- CFG_SET
|
||||||
* client -> CFG_ACK
|
* client -> CFG_ACK
|
||||||
* STF_OK transitions to STATE_MODE_CFG_I3
|
* STF_OK transitions to STATE_MODE_CFG_I3
|
||||||
*/
|
*/
|
||||||
stf_status modecfg_inI0(struct msg_digest *md)
|
stf_status modecfg_inI0(struct msg_digest *md)
|
||||||
|
@ -865,7 +866,7 @@ stf_status modecfg_inI0(struct msg_digest *md)
|
||||||
/**
|
/**
|
||||||
* Used in ModeCfg push mode on the server (responder)
|
* Used in ModeCfg push mode on the server (responder)
|
||||||
* called in demux.c from STATE_MODE_CFG_R3
|
* called in demux.c from STATE_MODE_CFG_R3
|
||||||
* server <- CFG_ACK
|
* server <- CFG_ACK
|
||||||
* STF_OK transitions to STATE_MODE_CFG_R4
|
* STF_OK transitions to STATE_MODE_CFG_R4
|
||||||
*/
|
*/
|
||||||
stf_status modecfg_inR3(struct msg_digest *md)
|
stf_status modecfg_inR3(struct msg_digest *md)
|
||||||
|
@ -1140,7 +1141,7 @@ stf_status xauth_inR1(struct msg_digest *md)
|
||||||
xauth_user_name.ptr)
|
xauth_user_name.ptr)
|
||||||
)
|
)
|
||||||
DESTROY_IF(c->xauth_identity);
|
DESTROY_IF(c->xauth_identity);
|
||||||
c->xauth_identity = identification_create_from_data(xauth_user_name);
|
c->xauth_identity = identification_create_from_data(xauth_user_name);
|
||||||
|
|
||||||
DBG(DBG_PRIVATE,
|
DBG(DBG_PRIVATE,
|
||||||
DBG_log("peer xauth user password is '%.*s'", xauth_user_password.len,
|
DBG_log("peer xauth user password is '%.*s'", xauth_user_password.len,
|
||||||
|
|
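Review bot: In the first get_attributes hunk (@ -120), the result of `host_create_from_chunk(family, ca->value, 0)` is still used without a NULL check, although `ca->value` is taken from the attribute the peer sent. If that constructor returns NULL when the length does not match the address family (to be confirmed against its implementation), the unconditional `requested_vip->destroy(requested_vip);` visible in the @ -166 hunk would dereference NULL. A guard right after the assignment, such as `if (!requested_vip) requested_vip = host_create_any(family);`, would keep the later code safe. In addition, `family` is overwritten by every requested-address attribute, so the last one received decides `maskbits` in the @ -179 hunk; a comment like `/* last requested virtual IP wins; any earlier one is destroyed */` above the added `DESTROY_IF` would document this. get_attributes starts and ends outside these hunks.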