Signed-off-by: Arne Schwabe <[email protected]>
---
src/openvpn/ssl.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 618cc9cc..98ce38f9 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1109,7 +1109,10 @@ tls_session_init(struct tls_multi *multi, struct
tls_session *session)
* @param session - A pointer to the \c tls_session structure to be
* cleaned up.
* @param clear - Whether the memory allocated for the \a session
- * object should be overwritten with 0s.
+ * object should be overwritten with 0s. This
+ * implicitly sets many states to 0/false,
+ * e.g. the validity of the keys in the structure
+ *
*/
static void
tls_session_free(struct tls_session *session, bool clear)
@@ -1118,6 +1121,9 @@ tls_session_free(struct tls_session *session, bool clear)
for (size_t i = 0; i < KS_SIZE; ++i)
{
+ /* we don't need clear=true for this call since
+ * the structs are part of session and get cleared
+ * as part of session */
key_state_free(&session->key[i], false);
}
--
2.26.2
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
