authorYASUOKA Masahiko <yasuoka@cvs.openbsd.org>2014-11-13 04:03:54 +0000
committerYASUOKA Masahiko <yasuoka@cvs.openbsd.org>2014-11-13 04:03:54 +0000
commitd56b15cded7293664977a40daaada005cc4dda2c (patch)
treea5a7755eaccd0d110a66232a3af30f2814cb1f0b /usr.sbin
parentf9b0e88e8c5046e057cfbf0d01a43cd74401397b (diff)
When the pool address is changed and there is a PPP session which uses
the pool to be deleted, that PPP session is deleted as well. However, the internal radish tree still kept the deleted session. This caused a use-after-free, which made npppd crash.
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/npppd/npppd/npppd.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/usr.sbin/npppd/npppd/npppd.c b/usr.sbin/npppd/npppd/npppd.c
index 9d0b45683ac..d7ed9414e43 100644
--- a/usr.sbin/npppd/npppd/npppd.c
+++ b/usr.sbin/npppd/npppd/npppd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: npppd.c,v 1.37 2014/10/25 03:23:49 lteo Exp $ */
+/* $OpenBSD: npppd.c,v 1.38 2014/11/13 04:03:53 yasuoka Exp $ */
/*-
* Copyright (c) 2005-2008,2009 Internet Initiative Japan Inc.
@@ -29,7 +29,7 @@
* Next pppd(nppd). This file provides a npppd daemon process and operations
* for npppd instance.
* @author Yasuoka Masahiko
- * $Id: npppd.c,v 1.37 2014/10/25 03:23:49 lteo Exp $
+ * $Id: npppd.c,v 1.38 2014/11/13 04:03:53 yasuoka Exp $
*/
#include "version.h"
#include <sys/types.h>
@@ -1751,6 +1751,7 @@ npppd_set_radish(npppd *_this, void *radish_head)
}
if (radish_head == NULL)
npppd_get_all_users(_this, &delppp);
+ _this->rd = radish_head;
for (slist_itr_first(&delppp); slist_itr_has_next(&delppp);) {
ppp = slist_itr_next(&delppp);
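Review bot: Nothing at the new `_this->rd = radish_head;` line, now placed ahead of the `ppp_stop` loop, says that its position is the fix, so a later cleanup could move it back below `slist_fini(&delppp)` and reintroduce the use-after-free. A comment such as `/* switch to the new radish before stopping sessions: teardown must not touch entries left in the old tree */` would pin the ordering. Separately, when `radish_head == NULL` the loop now runs with `_this->rd` already NULL for every session collected by `npppd_get_all_users`. Presumably the teardown reached from `ppp_stop` consults `_this->rd`, so it is worth confirming that path tolerates a NULL tree. The body of npppd_set_radish starts and ends outside this hunk, so neither the release of the old tree nor the teardown code is visible here.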
@@ -1760,7 +1761,6 @@ npppd_set_radish(npppd *_this, void *radish_head)
ppp_stop(ppp, NULL);
}
slist_fini(&delppp);
- _this->rd = radish_head;
return 0;
fail: