Mailing List Archive

From:: Tobias Heider <tobias.heider@stusta.de>
Subject:: iked: fix ibuf leak in eap mschapv2
To:: tech@openbsd.org
Date:: Tue, 10 Feb 2026 11:34:29 +0100

Download raw body.

Thread

2026-02-10 10:34 Tobias Heider:
iked: fix ibuf leak in eap mschapv2
- 2026-02-10 12:31 hshoexer:
  iked: fix ibuf leak in eap mschapv2
- - 2026-02-10 12:44 Claudio Jeker:
    iked: fix ibuf leak in eap mschapv2

Start of the function allocates e = ibuf_static().
All the error paths free it properly except for this one.

ok?

commit - 96a3a92b24082e4bc76c9bd018c02a4377fcaf0d
blob - 7100b33fbb088a9ff3dec401f8d023c23669e651
file + sbin/iked/eap.c
--- sbin/iked/eap.c
+++ sbin/iked/eap.c
@@ -211,7 +211,7 @@ eap_challenge_request(struct iked *env, struct iked_sa
 		    sizeof(*ms) + strlen(name));
 
 		if ((ms = ibuf_reserve(e, sizeof(*ms))) == NULL)
-			return (-1);
+			goto done;
 		ms->msc_opcode = EAP_MSOPCODE_CHALLENGE;
 		ms->msc_id = eap->eap_id;
 		ms->msc_length = htobe16(sizeof(*ms) + strlen(name));

2026-02-10 10:34 Tobias Heider:
iked: fix ibuf leak in eap mschapv2
- 2026-02-10 12:31 hshoexer:
  iked: fix ibuf leak in eap mschapv2
- - 2026-02-10 12:44 Claudio Jeker:
    iked: fix ibuf leak in eap mschapv2