author David Sommerseth <davids@redhat.com> 2012-11-06 10:59:01 +0100
committer David Sommerseth <davids@redhat.com> 2012-11-06 11:53:30 +0100
commit 03dfcd95b29eda81aee117bf9d28c001f2521e15 (patch)
tree 330463b0cc1e1c2b54b045b0752e8e8aa1aef50d
parent 78a6afee9bef68c9006d3e2477b137028c508b96 (diff)
Fix double-free issue in pf_destroy_context()
In commit dc7be6d078ba106f9b0de12f3e879c3561c3c537 the string_alloc() call in pf_init_context() was modified to use the gc_arena object for memory allocation. What was not taken into consideration was that pf_destroy_context() was also freeing memory allocated by string_alloc(), and when pf_init_context() is calling gc_free() a double-free situation showed up. Let's remove the explicit free, and let gc_free take care of all the memory handling.

Reported-by: cuzz@163.com
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: 1352196216-11560-1-git-send-email-dazo@users.sourceforge.net
URL: http://article.gmane.org/gmane.network.openvpn.devel/7124
(cherry picked from commit 1f300fe94f1bd521966bb05dea40edc1fae82b84)
-rw-r--r-- src/openvpn/pf.c 1
1 files changed, 0 insertions, 1 deletions
diff --git a/src/openvpn/pf.c b/src/openvpn/pf.c
index 3c46801..aafe9ff 100644
--- a/src/openvpn/pf.c
+++ b/src/openvpn/pf.c
@@ -606,7 +606,6 @@ pf_destroy_context (struct pf_context *pfc)
if (pfc->filename)
{
platform_unlink (pfc->filename);
- free (pfc->filename);
}
#endif
if (pfc->pfs)
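Review bot: platform_unlink (pfc->filename) stays in this hunk while ownership of the string moves to the gc_arena, so the unlink now depends on pf_destroy_context() running before the gc_free() that releases that arena; if that order is ever reversed, the call reads freed memory. Worth a short comment at the unlink stating that filename is gc-allocated and must not be freed here, and setting pfc->filename = NULL after the unlink so a later or repeated destroy cannot touch a stale pointer.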