ospf6d: fix use after free (2) (Coverity 1221459)

Previous fix was incomplete, as calling ospf6_lsa_unlock() frees 'req' but
does not set it to zero, so ospf6_lsdb_remove() was called afterwards
even though 'req' had already been freed.

Signed-off-by: F. Aragon <paco@voltanet.io>
paco 2018-06-20 18:09:35 +02:00
parent ce872c6adb
commit 7edb6aa583
No known key found for this signature in database
GPG Key ID: FD112A8C7E6A5E4A

@ -347,6 +347,7 @@ void ospf6_flood_interface(struct ospf6_neighbor *from, struct ospf6_lsa *lsa,
"Received is newer, remove requesting");
if (req == on->last_ls_req) {
ospf6_lsa_unlock(req);
req = NULL;
on->last_ls_req = NULL;
}
if (req)
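
Review bot: With `req = NULL;` set inside the `if (req == on->last_ls_req)` block, the statement guarded by the following `if (req)` is skipped on that path, so the request-list entry that the commit message says ospf6_lsdb_remove() would have removed is left where it is. If the request list still holds a pointer to the object that `ospf6_lsa_unlock(req);` released, the stale reference has only moved from the local variable to the list. Please confirm that skipping the removal is safe here, or do the list removal before the unlock so both the list and `on->last_ls_req` are cleared while `req` is still valid. A short comment next to `req = NULL;` explaining that the unlock may drop the last reference would also help the next reader, since nothing in these lines shows why the pointer has to be cleared by hand.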