[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Tue Feb 6 15:31:04 UTC 2018
New commits:
commit 6640bfe7a76727650e3e23f9c685e27f6cc88186
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Feb 2 20:53:37 2018 -0500
xauth: purge free(xauth) and callback code from xauth_abort() (fix double free)
The fork-callback (xauth_pam_child_cleanup()), which is "always" called,
is responsible for freeing the context parameter / xauth struct. Freeing
the xauth struct early, in xauth_abort(), causes a use-after-free and
double-free. See cda486a95acc829c7461c7e6e66d6dd322fc3eec.
("always"? During shutdown, because exit() is called directly from an
event handler, the fork-callback doesn't get a chance to run. Oops.)
Since glibc's pthreads are no longer being used, the hack in
xauth_abort() to callback early because pthread cancel was broken
isn't needed (remember it is using kill(SIGKILL)).
More information about the Swan-commit
mailing list