[Swan-commit] Changes to ref refs/heads/master

Andrew Cagney cagney at vault.libreswan.fi
Tue Feb 6 15:31:04 UTC 2018


New commits:
commit 6640bfe7a76727650e3e23f9c685e27f6cc88186
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Feb 2 20:53:37 2018 -0500

    xauth: purge free(xauth) and callback code from xauth_abort() (fix double free)
    
    The fork-callback (xauth_pam_child_cleanup()), which is "always" called,
    is responsible for freeing the context parameter / xauth struct.  Freeing
    the xauth struct early, in xauth_abort(), causes a use-after-free and
    double-free. See cda486a95acc829c7461c7e6e66d6dd322fc3eec.
    ("always"?  During shutdown, because exit() is called directly from an
    event handler, the fork-callback doesn't get a chance to run.  Oops.)
    
    Since glibc's pthreads are no longer being used, the hack in
    xauth_abort() to callback early because pthread cancel was broken
    isn't needed (remember it is using kill(SIGKILL)).



More information about the Swan-commit mailing list