[Swan-commit] Changes to ref refs/heads/master

Andrew Cagney cagney at vault.libreswan.fi
Mon Jan 15 15:56:37 UTC 2018


New commits:
commit 52138cfdf3e6b2c386833e45117895c7cf4f2109
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Jan 15 10:51:25 2018 -0500

    ikev2: add debug-log to show a use-after-free
    
    If the initial initator receives an MD containing INVALID_KE
    it deletes the MD, and then kicks of a new KE calculation
    passing that a fake-md.
    
    Problem is in complete_v2_state_transition() which gets passed
    a reference to the original, and now deleted MD and then tries
    to use that to find ST.  Just by luck, the fake_md, gets allocated
    the same location as the deleted MD.



More information about the Swan-commit mailing list