Fixed timeout double free. Makek sure prop->cipher and prop->hash

author Pekka Riikonen <priikone@silcnet.org>

Fri, 8 Jun 2007 20:37:54 +0000 (20:37 +0000)

committer Pekka Riikonen <priikone@silcnet.org>

Fri, 8 Jun 2007 20:37:54 +0000 (20:37 +0000)
author Pekka Riikonen <priikone@silcnet.org>
Fri, 8 Jun 2007 20:37:54 +0000 (20:37 +0000)
committer Pekka Riikonen <priikone@silcnet.org>
Fri, 8 Jun 2007 20:37:54 +0000 (20:37 +0000)
diff --git a/lib/silcske/silcske.c b/lib/silcske/silcske.c

index 69b43607173a3e5f0b190fb72277562370580d78..b5686595213f6494d278f45012d40a5e99aef2d3 100644 (file)
--- a/lib/silcske/silcske.c
+++ b/lib/silcske/silcske.c
@@ -2550,10 +2550,15 @@ SILC_FSM_STATE(silc_ske_st_rekey_initiator_done)
                          &hmac_send, NULL, NULL)) {
      /** Cannot get keys */
      ske->status = SILC_SKE_STATUS_ERROR;
+    ske->prop->cipher = NULL;
+    ske->prop->hmac = NULL;
      silc_fsm_next(fsm, silc_ske_st_initiator_error);
      return SILC_FSM_CONTINUE;
    }
  
+  ske->prop->cipher = NULL;
+  ske->prop->hmac = NULL;
+
    /* Set the new keys into use.  This will also send REKEY_DONE packet.  Any
       packet sent after this call will be protected with the new keys. */
    if (!silc_packet_set_keys(ske->stream, send_key, NULL, hmac_send, NULL,
@@ -2561,6 +2566,8 @@ SILC_FSM_STATE(silc_ske_st_rekey_initiator_done)
      /** Cannot set keys */
      SILC_LOG_DEBUG(("Cannot set new keys, error sending REKEY_DONE"));
      ske->status = SILC_SKE_STATUS_ERROR;
+    silc_cipher_free(send_key);
+    silc_hmac_free(hmac_send);
      silc_fsm_next(fsm, silc_ske_st_initiator_error);
      return SILC_FSM_CONTINUE;
    }
@@ -2597,6 +2604,8 @@ SILC_FSM_STATE(silc_ske_st_rekey_initiator_end)
                          NULL, &hmac_receive, NULL)) {
      /** Cannot get keys */
      ske->status = SILC_SKE_STATUS_ERROR;
+    ske->prop->cipher = NULL;
+    ske->prop->hmac = NULL;
      silc_fsm_next(fsm, silc_ske_st_initiator_error);
      return SILC_FSM_CONTINUE;
    }
@@ -2608,6 +2617,8 @@ SILC_FSM_STATE(silc_ske_st_rekey_initiator_end)
      /** Cannot set keys */
      SILC_LOG_DEBUG(("Cannot set new keys"));
      ske->status = SILC_SKE_STATUS_ERROR;
+    silc_cipher_free(receive_key);
+    silc_hmac_free(hmac_receive);
      silc_fsm_next(fsm, silc_ske_st_initiator_error);
      return SILC_FSM_CONTINUE;
    }
@@ -2619,6 +2630,8 @@ SILC_FSM_STATE(silc_ske_st_rekey_initiator_end)
    if (!rekey) {
      /** No memory */
      ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
+    ske->prop->cipher = NULL;
+    ske->prop->hmac = NULL;
      silc_fsm_next(fsm, silc_ske_st_initiator_error);
      return SILC_FSM_CONTINUE;
    }
@@ -2696,7 +2709,6 @@ SILC_FSM_STATE(silc_ske_st_rekey_responder_wait)
    silc_schedule_task_add_timeout(ske->schedule, silc_ske_timeout,
                                  ske, 30, 0);
  
-
    silc_fsm_next(fsm, silc_ske_st_rekey_responder_start);
  
    /* If REKEY packet already received process it directly */
@@ -2812,10 +2824,15 @@ SILC_FSM_STATE(silc_ske_st_rekey_responder_done)
                          &hmac_send, NULL, NULL)) {
      /** Cannot get keys */
      ske->status = SILC_SKE_STATUS_ERROR;
+    ske->prop->cipher = NULL;
+    ske->prop->hmac = NULL;
      silc_fsm_next(fsm, silc_ske_st_responder_error);
      return SILC_FSM_CONTINUE;
    }
  
+  ske->prop->cipher = NULL;
+  ske->prop->hmac = NULL;
+
    /* Set the new keys into use.  This will also send REKEY_DONE packet.  Any
       packet sent after this call will be protected with the new keys. */
    if (!silc_packet_set_keys(ske->stream, send_key, NULL, hmac_send, NULL,
@@ -2823,6 +2840,8 @@ SILC_FSM_STATE(silc_ske_st_rekey_responder_done)
      /** Cannot set keys */
      SILC_LOG_DEBUG(("Cannot set new keys, error sending REKEY_DONE"));
      ske->status = SILC_SKE_STATUS_ERROR;
+    silc_cipher_free(send_key);
+    silc_hmac_free(hmac_send);
      silc_fsm_next(fsm, silc_ske_st_responder_error);
      return SILC_FSM_CONTINUE;
    }
@@ -2859,6 +2878,8 @@ SILC_FSM_STATE(silc_ske_st_rekey_responder_end)
                          NULL, &hmac_receive, NULL)) {
      /** Cannot get keys */
      ske->status = SILC_SKE_STATUS_ERROR;
+    ske->prop->cipher = NULL;
+    ske->prop->hmac = NULL;
      silc_fsm_next(fsm, silc_ske_st_responder_error);
      return SILC_FSM_CONTINUE;
    }
@@ -2870,6 +2891,10 @@ SILC_FSM_STATE(silc_ske_st_rekey_responder_end)
      /** Cannot set keys */
      SILC_LOG_DEBUG(("Cannot set new keys"));
      ske->status = SILC_SKE_STATUS_ERROR;
+    ske->prop->cipher = NULL;
+    ske->prop->hmac = NULL;
+    silc_cipher_free(receive_key);
+    silc_hmac_free(hmac_receive);
      silc_fsm_next(fsm, silc_ske_st_responder_error);
      return SILC_FSM_CONTINUE;
    }
@@ -2881,6 +2906,8 @@ SILC_FSM_STATE(silc_ske_st_rekey_responder_end)
    if (!rekey) {
      /** No memory */
      ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
+    ske->prop->cipher = NULL;
+    ske->prop->hmac = NULL;
      silc_fsm_next(fsm, silc_ske_st_responder_error);
      return SILC_FSM_CONTINUE;
    }
author	Pekka Riikonen <priikone@silcnet.org>
	Fri, 8 Jun 2007 20:37:54 +0000 (20:37 +0000)
committer	Pekka Riikonen <priikone@silcnet.org>
	Fri, 8 Jun 2007 20:37:54 +0000 (20:37 +0000)