diff options
author | Markus Friedl <markus@cvs.openbsd.org> | 2015-07-07 19:13:32 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2015-07-07 19:13:32 +0000 |
commit | 671b92a07833645621215afe7c48c04df7aee3d7 (patch) | |
tree | 204ba0341d25b1f37d5a28157000307392a1835a /sbin/iked/config.c | |
parent | b84cd61057b6917d36e95f086d16f10e988858bb (diff) |
repair policy-ikesa-linking by replacing the broken RB_TREE w/TAILQ
(e.g. the policy might be used-after-free on 'ikectl reconfig')
ok mikeb@
Diffstat (limited to 'sbin/iked/config.c')
-rw-r--r-- | sbin/iked/config.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/sbin/iked/config.c b/sbin/iked/config.c index 0adbf2c0de3..0e05d8f0361 100644 --- a/sbin/iked/config.c +++ b/sbin/iked/config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: config.c,v 1.35 2015/02/06 10:39:01 deraadt Exp $ */ +/* $OpenBSD: config.c,v 1.36 2015/07/07 19:13:31 markus Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org> @@ -106,7 +106,7 @@ config_free_sa(struct iked *env, struct iked_sa *sa) } if (sa->sa_policy) { - (void)RB_REMOVE(iked_sapeers, &sa->sa_policy->pol_sapeers, sa); + TAILQ_REMOVE(&sa->sa_policy->pol_sapeers, sa, sa_peer_entry); policy_unref(env, sa->sa_policy); } @@ -157,8 +157,10 @@ config_new_policy(struct iked *env) if ((pol = calloc(1, sizeof(*pol))) == NULL) return (NULL); + /* XXX caller does this again */ TAILQ_INIT(&pol->pol_proposals); - RB_INIT(&pol->pol_sapeers); + TAILQ_INIT(&pol->pol_sapeers); + RB_INIT(&pol->pol_flows); return (pol); } @@ -173,10 +175,13 @@ config_free_policy(struct iked *env, struct iked_policy *pol) TAILQ_REMOVE(&env->sc_policies, pol, pol_entry); - RB_FOREACH(sa, iked_sapeers, &pol->pol_sapeers) { - /* Remove from the policy tree, but keep for existing SAs */ + TAILQ_FOREACH(sa, &pol->pol_sapeers, sa_peer_entry) { + /* Remove from the policy list, but keep for existing SAs */ if (sa->sa_policy == pol) policy_ref(env, pol); + else + log_warnx("%s: ERROR: sa_policy %p != pol %p", + __func__, sa->sa_policy, pol); } if (pol->pol_refcnt) @@ -687,6 +692,7 @@ config_getpolicy(struct iked *env, struct imsg *imsg) offset += sizeof(*pol); TAILQ_INIT(&pol->pol_proposals); + TAILQ_INIT(&pol->pol_sapeers); RB_INIT(&pol->pol_flows); for (i = 0; i < pol->pol_nproposals; i++) { |