ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ikev2: fix use-after-free

Browse Source 
Type: fix

Change-Id: Ia3bacefdad674807de873b5c457b8470f66193f3
Signed-off-by: Benoît Ganne <bganne@cisco.com>
This commit is contained in:
Benoît Ganne
2021-06-22 15:39:16 +02:00
committed by Damjan Marion
parent ea1f491314
commit 37665ea1c1
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/plugins/ikev2/ikev2.c
View File

@ -5208,7 +5208,8 @@ ikev2_mngr_process_fn (vlib_main_t * vm, vlib_node_runtime_t * rt,
vec_foreach (sai, to_be_deleted)
{
sa = pool_elt_at_index (tkm->sas, sai[0]);
u8 reinitiate = (sa->is_initiator && sa->profile_index != ~0);
const u32 profile_index = sa->profile_index;
const int reinitiate = (sa->is_initiator && profile_index != ~0);
vec_foreach (c, sa->childs)
{
ikev2_delete_tunnel_interface (km->vnet_main, sa, c);
@ -5220,7 +5221,7 @@ ikev2_mngr_process_fn (vlib_main_t * vm, vlib_node_runtime_t * rt,
if (reinitiate)
{
p = pool_elt_at_index (km->profiles, sa->profile_index);
p = pool_elt_at_index (km->profiles, profile_index);
if (p)
{
clib_error_t *e = ikev2_initiate_sa_init (vm, p->name);