author | Matt Dunwoodie <ncon@noconroy.net> | 2021-04-28 14:00:11 +1000 |
---|---|---|
committer | Matt Dunwoodie <ncon@noconroy.net> | 2021-04-28 14:00:11 +1000 |
commit | 5810c2f54feaaa761980d9fd4aa92988f4317750 (patch) | |
tree | 09a9b5cfc1e54734be6181492027a5a77619f6d1 /src | |
parent | if_wg: do not assume that IP header is pulled up (diff) | |

wg_noise: fix remote refcount leak

In the occasion that noise_begin_session returns != 0, we could
accidentally leak the remote refcount, as the caller to
consume_response only expects *rp to be set when ret == 0.

The only situation we could leak this is if we cannot allocate memory
for the new keypair.

Signed-off-by: Matt Dunwoodie <ncon@noconroy.net>

Diffstat (limited to '')
-rw-r--r-- | src/wg_noise.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/wg_noise.c b/src/wg_noise.c index 7acf1b6..5e98fbe 100644 --- a/src/wg_noise.c +++ b/src/wg_noise.c @@ -1163,8 +1163,8 @@ noise_consume_response(struct noise_local *l, struct noise_remote **rp, r->r_index.i_local_index == r_idx) { r->r_handshake = hs; r->r_index.i_remote_index = s_idx; - ret = noise_begin_session(r); - *rp = noise_remote_ref(r); + if ((ret = noise_begin_session(r)) == 0) + *rp = noise_remote_ref(r); } rw_wunlock(&r->r_handshake_lock); error_zero: |
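
Review bot: In the noise_consume_response hunk, `r->r_handshake = hs` and `r->r_index.i_remote_index = s_idx` are still written before noise_begin_session(r) is called, so when it returns non-zero the remote keeps the updated handshake state even though no session was started and *rp is left unset. If that is intended, a short comment at the `if ((ret = noise_begin_session(r)) == 0)` line stating that *rp is only valid when ret == 0 would document the contract the caller relies on. Splitting the assignment out of the condition (assign ret first, then test `ret == 0`) would also make the error path easier to read.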