sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-03 00:00:24 -04:00
Code Issues Projects Releases Wiki Activity

child-create: Fix double free of list of labels after migrate

Browse Source 
If a migrate of a child-create occurs then labels_i and labels_r are
freed, but the pointers are left set. If the task is subsequently
destroyed without being reused, then both of these will be double
freed.

Fix this by setting labels_i and labels_r to NULL in the migrate
method after freeing, similar to other fields that are freed.

Closes strongswan/strongswan#2552

Fixes: f9b895b49f49 ("child-create: Add support to handle security labels")
This commit is contained in:
Rob Shearman 2024-11-14 13:15:36 +00:00 committed by Tobias Brunner
parent c8f16d18d8
commit caf81bc05c
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libcharon/sa/ikev2/tasks/child_create.c
View File

@ -2607,6 +2607,8 @@ METHOD(task_t, migrate, void,
this->proposals = NULL;
this->tsi = NULL;
this->tsr = NULL;
this->labels_i = NULL;
this->labels_r = NULL;
this->ke = NULL;
this->nonceg = NULL;
this->child_sa = NULL;