wg_noise: fix remote refcount leak

In the occasion that noise_begin_session returns != 0, we could accidentally leak the remote refcount, as the caller to consume_response only expects *rp to be set when ret == 0. The only situation we could leak this is if we cannot allocate memory for the new keypair. Signed-off-by: Matt Dunwoodie <ncon@noconroy.net>
author: Matt Dunwoodie <ncon@noconroy.net> 2021-04-28 14:00:11 +1000
committer: Matt Dunwoodie <ncon@noconroy.net> 2021-04-28 14:00:11 +1000
commit: 5810c2f54feaaa761980d9fd4aa92988f4317750 (patch)
tree: 09a9b5cfc1e54734be6181492027a5a77619f6d1 /src/wg_noise.c
parent: if_wg: do not assume that IP header is pulled up (diff)
download: wireguard-freebsd-5810c2f54feaaa761980d9fd4aa92988f4317750.tar.xz
wireguard-freebsd-5810c2f54feaaa761980d9fd4aa92988f4317750.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/wg_noise.c b/src/wg_noise.c
index 7acf1b6..5e98fbe 100644
--- a/src/wg_noise.c
+++ b/src/wg_noise.c
@@ -1163,8 +1163,8 @@ noise_consume_response(struct noise_local *l, struct noise_remote **rp,
 	    r->r_index.i_local_index == r_idx) {
 		r->r_handshake = hs;
 		r->r_index.i_remote_index = s_idx;
-		ret = noise_begin_session(r);
-		*rp = noise_remote_ref(r);
+		if ((ret = noise_begin_session(r)) == 0)
+			*rp = noise_remote_ref(r);
 	}
 	rw_wunlock(&r->r_handshake_lock);
 error_zero:
author	Matt Dunwoodie <ncon@noconroy.net>	2021-04-28 14:00:11 +1000
committer	Matt Dunwoodie <ncon@noconroy.net>	2021-04-28 14:00:11 +1000
commit	5810c2f54feaaa761980d9fd4aa92988f4317750 (patch)
tree	09a9b5cfc1e54734be6181492027a5a77619f6d1 /src/wg_noise.c
parent	if_wg: do not assume that IP header is pulled up (diff)
download	wireguard-freebsd-5810c2f54feaaa761980d9fd4aa92988f4317750.tar.xz wireguard-freebsd-5810c2f54feaaa761980d9fd4aa92988f4317750.zip