From cbf7f953a49a98adfc4803340475ffeccefbe9fb Mon Sep 17 00:00:00 2001
From: Dimitri Staessens <dimitri@ouroboros.rocks>
Date: Sat, 16 May 2026 15:27:14 +0200
Subject: lib: Free secure memory on process exit

There was a missing crypt_secure_malloc_fini() in the process
init/fini path.

Also fixes a 0 return from OpenSSL RAND_bytes() being interpreted as
succes instead of failure.

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
---
 src/lib/dev.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src/lib/dev.c')

diff --git a/src/lib/dev.c b/src/lib/dev.c
index 7e9b7329..6177e50b 100644
--- a/src/lib/dev.c
+++ b/src/lib/dev.c
@@ -873,7 +873,7 @@ static void init(int     argc,
 
         if (crypt_secure_malloc_init(PROC_SECMEM_MAX) < 0) {
                 fprintf(stderr, "FATAL: Could not init secure malloc.\n");
-                goto fail_timerwheel;
+                goto fail_secmem;
         }
 
 #if defined PROC_FLOW_STATS
@@ -889,7 +889,9 @@ static void init(int     argc,
 
 #if defined PROC_FLOW_STATS
  fail_rib_init:
+        crypt_secure_malloc_fini();
 #endif
+ fail_secmem:
         tw_fini();
  fail_timerwheel:
         ssm_flow_set_close(proc.fqset);
@@ -947,6 +949,8 @@ static void fini(void)
 #ifdef PROC_FLOW_STATS
         rib_fini();
 #endif
+        crypt_secure_malloc_fini();
+
         tw_fini();
 
         ssm_flow_set_close(proc.fqset);
-- 
cgit v1.2.3