From 5810c2f54feaaa761980d9fd4aa92988f4317750 Mon Sep 17 00:00:00 2001
From: Matt Dunwoodie <ncon@noconroy.net>
Date: Wed, 28 Apr 2021 14:00:11 +1000
Subject: wg_noise: fix remote refcount leak

In the occasion that noise_begin_session returns != 0, we could
accidentally leak the remote refcount, as the caller to
consume_response only expects *rp to be set when ret == 0.

The only situation we could leak this is if we cannot allocate memory
for the new keypair.

Signed-off-by: Matt Dunwoodie <ncon@noconroy.net>
---
 src/wg_noise.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/wg_noise.c')

diff --git a/src/wg_noise.c b/src/wg_noise.c
index 7acf1b6..5e98fbe 100644
--- a/src/wg_noise.c
+++ b/src/wg_noise.c
@@ -1163,8 +1163,8 @@ noise_consume_response(struct noise_local *l, struct noise_remote **rp,
 	    r->r_index.i_local_index == r_idx) {
 		r->r_handshake = hs;
 		r->r_index.i_remote_index = s_idx;
-		ret = noise_begin_session(r);
-		*rp = noise_remote_ref(r);
+		if ((ret = noise_begin_session(r)) == 0)
+			*rp = noise_remote_ref(r);
 	}
 	rw_wunlock(&r->r_handshake_lock);
 error_zero:
-- 
cgit v1.2.3-59-g8ed1b