[ovs-dev] [PATCH] stream-ssl: Avoid access-after-free error in update_ssl_config().

Justin Pettit jpettit at nicira.com
Wed Apr 14 23:43:25 UTC 2010


Looks good.

--Justin


On Apr 14, 2010, at 4:03 PM, Ben Pfaff wrote:

> Commit b84f503d "stream-ssl: Read existing CA certificate more eagerly
> during bootstrap" inadvertently introduced an access-after-free error:
> 
>  do_ca_cert_bootstrap() calls
>    stream_ssl_set_ca_cert_file(ca_cert.file_name, true), which calls
>      update_ssl_config(&ca_cert, file_name), which calls
>        free(ca_cert.file_name) then xstrdup(ca_cert.file_name).
> 
> Fix the problem.
> 
> Reported-by: Cedric Hobbs <cedric at nicira.com>
> Reported-by: Peter Balland <peter at nicira.com>
> ---
> lib/stream-ssl.c |    7 +++++--
> 1 files changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
> index 153357c..aeca21e 100644
> --- a/lib/stream-ssl.c
> +++ b/lib/stream-ssl.c
> @@ -954,9 +954,12 @@ update_ssl_config(struct ssl_config_file *config, const char *file_name)
>         return false;
>     }
> 
> +    /* Update 'config'. */
>     config->mtime = mtime;
> -    free(config->file_name);
> -    config->file_name = xstrdup(file_name);
> +    if (file_name != config->file_name) {
> +        free(config->file_name);
> +        config->file_name = xstrdup(file_name);
> +    }
>     return true;
> }
> 
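Review bot: The `file_name != config->file_name` test in update_ssl_config() only covers the case where the caller passes exactly the pointer stored in 'config'; any other alias into the same allocation (for example a pointer into the middle of the string) would still be read by xstrdup() after free() has run. Duplicating before freeing handles every aliasing case without a special branch: `char *new_name = xstrdup(file_name);`, then `free(config->file_name);`, then `config->file_name = new_name;`. If the comparison is kept, the new "Update 'config'." comment could say why the check is there (do_ca_cert_bootstrap() passes ca_cert.file_name back in), since that is not obvious from this function alone.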
> -- 
> 1.6.6.1