diff options
| author | tobhe <tobhe@cvs.openbsd.org> | 2020-10-21 17:47:37 +0000 |
|---|---|---|
| committer | tobhe <tobhe@cvs.openbsd.org> | 2020-10-21 17:47:37 +0000 |
| commit | f95e1b7ca967a2fe568b0987ee4d1eefaa06eeaa (patch) | |
| tree | 4d5badc1f557b16a1a4a647975ff63ab73206005 /sbin/iked/config.c | |
| parent | af7a48bf2c688ff59a59a3813e87871a1c9452c6 (diff) | |
Remove SAs from ike_dstid_sas on 'ikectl reset sa' to prevent use after free.
Found by csszep <csszep (at) gmail (dot) com>
ok patrick@
Diffstat (limited to 'sbin/iked/config.c')
| -rw-r--r-- | sbin/iked/config.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sbin/iked/config.c b/sbin/iked/config.c index 8b946a54f70..a3aeec0a14d 100644 --- a/sbin/iked/config.c +++ b/sbin/iked/config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: config.c,v 1.70 2020/10/09 08:59:15 tobhe Exp $ */ +/* $OpenBSD: config.c,v 1.71 2020/10/21 17:47:36 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de> @@ -528,6 +528,8 @@ config_getreset(struct iked *env, struct imsg *imsg) if (mode == RESET_ALL || ikev2_ike_sa_delete(env, sa) != 0) { RB_REMOVE(iked_sas, &env->sc_sas, sa); + if (sa->sa_dstid_entry_valid) + sa_dstid_remove(env, sa); config_free_sa(env, sa); } } |