From patchwork Mon Mar 13 13:42:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 3126 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:2310:b0:9f:bfa4:120f with SMTP id r16csp1513295dye; Mon, 13 Mar 2023 06:43:37 -0700 (PDT) X-Google-Smtp-Source: AK7set9Nao/czq2bck6LdYO3h6fOaTg1o8/1evfQQcnyKTtGJqswH2QegFTZrhgk0mJxVNPvv7nA X-Received: by 2002:a17:90a:6942:b0:23b:355f:b26c with SMTP id j2-20020a17090a694200b0023b355fb26cmr7714437pjm.23.1678715016907; Mon, 13 Mar 2023 06:43:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1678715016; cv=none; d=google.com; s=arc-20160816; b=ZP1UyC/C1sfZWsLncpsQ4qrDyQDfdzV5O5ht57xT36TQaMWkFeXeoQSXkHabvRoX08 M2Y+rE3Sg8zA/kv9UEdQi6c2flWy1//Ec+M8lX7U61CbD7TCuhtxVBgYtkolVXt0Olim sidVOcKXs+JjnyMUazYVmJiFjwPiu5//aBemn+ODNHP4DUQmgcisHMOo7lt/zovjo2HD /FPMHLYV4iD7vzvklQNBY4BX3hHbUclb4KpngsMgfMHHp6Bb15zYeS94aourv7H3y6do SmxzDZTfgvmfRXbKEOnXsYLofaFH9FMrUsok/Oex/nekmDXmYEUat8nGiB/S6MuU8e+K KZcA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:message-id:date:to:from:dkim-signature:dkim-signature; bh=G6ES7gsO2DmfPBOXeGxXjIW3shPAOt8gLps1/ViIImE=; b=sJ5vDbtfP3CjkPC0zg8RVK2tKNShDeT2Cc1x3+HIuzHhKlQUJ/TRfpXqxxvOAA8Vkf p/QuGhTtJF1beV/fn1VtG+c5RHpIM8us/TaZokm/kaAlYWeJ70tERVyGF6FzWf/mh9l9 VubPh90zBiiR7XrjaFrxsjoWMll4oUrfnL8E+sj7SD61POrqF1ZXsTzXivLKxZGMRbgg FcI9GDt5MmaXipXEkte02t9KTzpOZsuBdPwTZHtawyNA2qm2SpsSupF5pA1FN/KxD4m1 JPVogOtQTckMPu9+O1YCm9kq0OqeVBFCQEwrjbKykBcaz4t+P1h5dnJzbwJ0ZZTpUIFt 4Tig== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=KAlAMDBK; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=iCCvdXsU; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id s67-20020a632c46000000b005089630be40si6058184pgs.649.2023.03.13.06.43.36 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 13 Mar 2023 06:43:36 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=KAlAMDBK; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=iCCvdXsU; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1pbiRu-0000uJ-Ox; Mon, 13 Mar 2023 13:42:51 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1pbiRs-0000uC-JX for openvpn-devel@lists.sourceforge.net; Mon, 13 Mar 2023 13:42:49 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=tWrohfHrHEHCSo0WWZZ0zATjE9C7e52OJH/0LYPRC5M=; b=KAlAMDBKCrRSeKFj0WEk/vxOLD oDa/1mdJP3N1ztQ3QAlpuDs+x/1Pq/+/bqry1jXdhsVhcVCopcdVt8fF5/2BdcMIJGE/eo/xjqKyx wclxwBYn9B5WAld+ZAnRK2aVQ0Rv22JJy4pmyJYVnzOlA6BPiqW/zwQg9cyi7kQgEyUk=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:To:From: Sender:Reply-To:Cc:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=tWrohfHrHEHCSo0WWZZ0zATjE9C7e52OJH/0LYPRC5M=; b=i CCvdXsUtoteXDZMdmrvktHrut9ChtezsEBtxLdqJdad8rJZmwAWJiB3eMvV9MJ3iLxemXwU5lO3u0 9lm5/IJGUdnJVxhLgyIaYsLtLppE6h0WgFalxfCirUYANmKNgAoK35Pmm2qF2aM2PqzxEUuvNSjPp QQorXM+aMmQCsLVQ=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1pbiRp-0000Em-EY for openvpn-devel@lists.sourceforge.net; Mon, 13 Mar 2023 13:42:49 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1pbiRd-0003pE-NN for openvpn-devel@lists.sourceforge.net; Mon, 13 Mar 2023 14:42:33 +0100 Received: (nullmailer pid 60381 invoked by uid 10006); Mon, 13 Mar 2023 13:42:33 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Mon, 13 Mar 2023 14:42:33 +0100 Message-Id: <20230313134233.60335-1-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Spam-Score: 0.3 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: The open_tun_dco_generic already allocates the actual_name string, this shadows the allocation in the FreeBSD/Linux specific methods. The HMAC leaks are just forgotten frees/deinitialisations. Found-By: clang with asan Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1pbiRp-0000Em-EY Subject: [Openvpn-devel] [PATCH v2] Fix memory leaks in HMAC initial packet id and dco open tun X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1760259712966660198?= X-GMAIL-MSGID: =?utf-8?q?1760260277694925084?= The open_tun_dco_generic already allocates the actual_name string, this shadows the allocation in the FreeBSD/Linux specific methods. The HMAC leaks are just forgotten frees/deinitialisations. Found-By: clang with asan Patch v2: rebase. Include linux bits accidentially forgotten. Change-Id: I3c344af047abe94c0178bde1781eb450f10d157d Signed-off-by: Arne Schwabe --- src/openvpn/dco_freebsd.c | 1 - src/openvpn/dco_linux.c | 1 - src/openvpn/init.c | 2 ++ src/openvpn/mudp.c | 1 + src/openvpn/ssl.c | 11 +++++++++++ src/openvpn/ssl.h | 6 ++++++ 6 files changed, 20 insertions(+), 2 deletions(-) diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c index 92de5f04b..e605f2a9d 100644 --- a/src/openvpn/dco_freebsd.c +++ b/src/openvpn/dco_freebsd.c @@ -230,7 +230,6 @@ create_interface(struct tuntap *tt, const char *dev) } snprintf(tt->dco.ifname, IFNAMSIZ, "%s", ifr.ifr_data); - tt->actual_name = string_alloc(tt->dco.ifname, NULL); /* see "Interface Flags" in ifnet(9) */ int i = IFF_POINTOPOINT | IFF_MULTICAST; diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 2b349529f..0f5fc48d9 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -457,7 +457,6 @@ open_tun_dco(struct tuntap *tt, openvpn_net_ctx_t *ctx, const char *dev) msg(M_FATAL, "DCO: cannot retrieve ifindex for interface %s", dev); } - tt->actual_name = string_alloc(dev, NULL); tt->dco.dco_message_peer_id = -1; ovpn_dco_register(&tt->dco); diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 124ac76bd..e59edd742 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -3881,6 +3881,8 @@ do_close_tls(struct context *c) md_ctx_cleanup(c->c2.pulled_options_state); md_ctx_free(c->c2.pulled_options_state); } + + tls_auth_standalone_free(c->c2.tls_auth_standalone); } /* diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index 8698aefc8..813160639 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -61,6 +61,7 @@ send_hmac_reset_packet(struct multi_context *m, m->hmac_reply = c->c2.buffers->aux_buf; m->hmac_reply_dest = &m->top.c2.from; msg(D_MULTI_DEBUG, "Reset packet from client, sending HMAC based reset challenge"); + free_buf(&buf); } diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 78cec90a1..fe6390fad 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1361,6 +1361,17 @@ tls_auth_standalone_init(struct tls_options *tls_options, return tas; } +void +tls_auth_standalone_free(struct tls_auth_standalone *tas) +{ + if (!tas) + { + return; + } + + packet_id_free(&tas->tls_wrap.opt.packet_id); +} + /* * Set local and remote option compatibility strings. * Used to verify compatibility of local and remote option diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index 58ff4b9b4..a050cd5c9 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h @@ -180,6 +180,12 @@ void tls_multi_init_finalize(struct tls_multi *multi, int tls_mtu); struct tls_auth_standalone *tls_auth_standalone_init(struct tls_options *tls_options, struct gc_arena *gc); +/** + * Frees a standalone tls-auth verification object. + * @param tas the object to free. May be NULL. + */ +void tls_auth_standalone_free(struct tls_auth_standalone *tas); + /* * Setups the control channel frame size parameters from the data channel * parameters