Diffstat (limited to 'src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c')
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c14
1 files changed, 12 insertions, 2 deletions
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
index cf85cb0a6..f3b5b1d4a 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
@@ -265,9 +265,10 @@ static bool read_and_queue(private_netlink_socket_t *this, bool block)
{
struct nlmsghdr *hdr;
char buf[this->buflen];
- ssize_t len;
+ ssize_t len, read_len;
+ bool wipe = FALSE;
- len = read_msg(this, buf, sizeof(buf), block);
+ len = read_len = read_msg(this, buf, sizeof(buf), block);
if (len == -1)
{
return TRUE;
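Review bot: The purpose of the second length variable is not stated at its declaration. `len` is decremented by `NLMSG_NEXT()` as the loop further down walks the buffer, so `read_len` exists only to preserve the byte count for the final wipe. A short comment above `ssize_t len, read_len;` such as `/* len is consumed by NLMSG_NEXT(), keep the original size for memwipe() */` would make that clear. The function body continues outside this hunk.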
@@ -277,6 +278,11 @@ static bool read_and_queue(private_netlink_socket_t *this, bool block)
hdr = (struct nlmsghdr*)buf;
while (NLMSG_OK(hdr, len))
{
+ if (this->protocol == NETLINK_XFRM &&
+ hdr->nlmsg_type == XFRM_MSG_NEWSA)
+ { /* wipe potential IPsec SA keys */
+ wipe = TRUE;
+ }
if (!queue(this, hdr))
{
break;
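Review bot: The `wipe` flag is set only for messages the loop actually visits. When `queue()` fails and the loop breaks, an `XFRM_MSG_NEWSA` later in the same buffer is never inspected, so `buf` can leave the function unwiped with key material in it. Deciding by protocol instead of per message closes that gap: drop the type check here and use `if (this->protocol == NETLINK_XFRM) { memwipe(buf, read_len); }` in the last hunk. That would also cover other XFRM message types that may carry algorithm keys, for example `XFRM_MSG_UPDSA`, if this socket can receive them, which is worth confirming. The loop begins in this hunk and ends in the next.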
@@ -284,6 +290,10 @@ static bool read_and_queue(private_netlink_socket_t *this, bool block)
hdr = NLMSG_NEXT(hdr, len);
}
}
+ if (wipe)
+ {
+ memwipe(buf, read_len);
+ }
return FALSE;
}
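Review bot: Only the stack buffer is cleared here; whatever `queue()` stores for each message is not covered by this wipe. `queue()` is not visible in this diff, but if it copies the message and that copy is later freed, the same SA keys remain in heap memory and would need `memwipe()` before `free()` as well. A comment above the `if (wipe)` block naming where the queued copies are cleared would make the coverage explicit, e.g. `/* queued copies are wiped in <function that frees them> */`.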