charon-nm: Clear secrets when disconnecting
authorTobias Brunner <tobias@strongswan.org>
Fri, 8 May 2020 08:33:55 +0000 (10:33 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 8 May 2020 16:12:20 +0000 (18:12 +0200)
The need_secrets() method is called before connect() (where we clear the
previous secrets too), so e.g. a password-protected private could be
decrypted with the cached password from earlier but if the password was not
stored with the connection, it would later fail as no password was requested
from the user that could be passed to connect().

References #3428.

src/charon-nm/nm/nm_service.c

index dba1276..771466a 100644 (file)
@@ -974,6 +974,11 @@ static gboolean do_disconnect(gpointer plugin)
                        enumerator->destroy(enumerator);
                        charon->controller->terminate_ike(charon->controller, id, FALSE,
                                                                                          controller_cb_empty, NULL, 0);
+
+                       /* clear secrets as we are asked for new secrets (where we'd find
+                        * the cached secrets from earlier connections) before we clear
+                        * them in connect() */
+                       priv->creds->clear(priv->creds);
                        return FALSE;
                }
        }