| author | Yves-Alexis Perez <corsac@corsac.net> | 2017-09-01 17:21:25 +0200 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@corsac.net> | 2017-09-01 17:21:25 +0200 |
| commit | d35f9a428e3443c4478b3ba1b03d7f69ce43436c (patch) | |
| tree | c57633158ae938ac37bac0be0564fc9360746999 /src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c | |
| parent | debb2443d93d74388b2330341a787e5ba420909d (diff) | |
| parent | 11d6b62db969bdd808d0f56706cb18f113927a31 (diff) | |
| download | vyos-strongswan-d35f9a428e3443c4478b3ba1b03d7f69ce43436c.tar.gz vyos-strongswan-d35f9a428e3443c4478b3ba1b03d7f69ce43436c.zip | |
Updated version 5.6.0 from 'upstream/5.6.0'
with Debian dir e138a03837a338ec35cc53a33de19381770a5f0c
Diffstat (limited to 'src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c')
| -rw-r--r-- | src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
index cf85cb0a6..f3b5b1d4a 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
@@ -265,9 +265,10 @@ static bool read_and_queue(private_netlink_socket_t *this, bool block)
 {
 	struct nlmsghdr *hdr;
 	char buf[this->buflen];
-	ssize_t len;
+	ssize_t len, read_len;
+	bool wipe = FALSE;
 
-	len = read_msg(this, buf, sizeof(buf), block);
+	len = read_len = read_msg(this, buf, sizeof(buf), block);
 	if (len == -1)
 	{
 		return TRUE;
@@ -277,6 +278,11 @@ static bool read_and_queue(private_netlink_socket_t *this, bool block)
 	hdr = (struct nlmsghdr*)buf;
 	while (NLMSG_OK(hdr, len))
 	{
+		if (this->protocol == NETLINK_XFRM &&
+			hdr->nlmsg_type == XFRM_MSG_NEWSA)
+		{ /* wipe potential IPsec SA keys */
+			wipe = TRUE;
+		}
 		if (!queue(this, hdr))
 		{
 			break;
@@ -284,6 +290,10 @@ static bool read_and_queue(private_netlink_socket_t *this, bool block)
 		hdr = NLMSG_NEXT(hdr, len);
 	}
 	}
+	if (wipe)
+	{
+		memwipe(buf, read_len);
+	}
 	return FALSE;
 }
 
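Review bot: The memwipe in the third hunk runs only when an XFRM_MSG_NEWSA header was seen in the second hunk, so any other XFRM message type that embeds SA algorithm attributes (XFRM_MSG_EXPIRE notifications may, worth confirming against the kernel's xfrm netlink code) would leave key bytes in `buf` until the stack frame is reused. Since the cost is one wipe per read, the type allowlist could be dropped in favour of `if (this->protocol == NETLINK_XFRM) { memwipe(buf, read_len); }`, which also removes the `wipe` flag added in the first two hunks. `queue(this, hdr)` presumably copies each message out of `buf`, so this wipe only covers the stack copy; the queued copy needs the same treatment wherever it is freed, which is outside this diff. The lines between the second and third hunk (the block closed by the second `}`) are not shown.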
