Hi Steffan, On 03/12/2020 16:49, Steffan Karger wrote: > diff --git a/src/openvpn/init.c b/src/openvpn/init.c > index 27a4170d..5cde8a4b 100644 > --- a/src/openvpn/init.c > +++ b/src/openvpn/init.c > @@ -3619,6 +3619,7 @@ do_close_free_key_schedule(struct context *c, bool > free_ssl_ctx) > * always free the tls_auth/crypt key. If persist_key is true, the key > will > * be reloaded from memory (pre-cached) > */ > + free_key_ctx(&c->c1.ks.tls_crypt_v2_server_key); > free_key_ctx_bi(&c->c1.ks.tls_wrap_key); > CLEAR(c->c1.ks.tls_wrap_key); > buf_clear(&c->c1.ks.tls_crypt_v2_wkc);
A few lines below we call key_schedule_free() (under certain conditions) which also performs: free_key_ctx(&ks->tls_crypt_v2_server_key); I believe it is safe to call free_key_ctx() twice on the same object, but wouldn't it be better to have it called once only along the same code path? Regards, -- Antonio Quartulli _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
