commit 3ec811e2b4b4c300c5e15e1b61cc363f0efadc40
from: rsadowski <rsadowski@openbsd.org>
date: Tue Feb 24 06:03:29 2026 UTC

fix memory leak in rsae_send_imsg

If the cookie doesn't match, we bail with a continue and totally forget to
free the imsg.

OK claudio@

commit - 80347df32a3fd8cd66aeaf059fbfd16c95a2ffe7
commit + 3ec811e2b4b4c300c5e15e1b61cc363f0efadc40
blob - e54259c5971368631ee256302915d9d0e4b62c54
blob + 2fa1da9cd1e3673eed0cd4e378dad88a913cfcdc
--- ca.c
+++ ca.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ca.c,v 1.45 2024/11/21 13:21:34 claudio Exp $	*/
+/*	$OpenBSD: ca.c,v 1.46 2026/02/24 06:03:29 rsadowski Exp $	*/
 
 /*
  * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
@@ -380,6 +380,7 @@ rsae_send_imsg(int flen, const u_char *from, u_char *t
 				    "%s: priv%s obsolete keyop #%x", __func__,
 				    cmd == IMSG_CA_PRIVENC ? "enc" : "dec",
 				    cko.cko_cookie);
+				imsg_free(&imsg);
 				continue;
 			}