[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Mon Jan 15 15:56:37 UTC 2018
New commits:
commit 52138cfdf3e6b2c386833e45117895c7cf4f2109
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Jan 15 10:51:25 2018 -0500
ikev2: add debug-log to show a use-after-free
If the initial initator receives an MD containing INVALID_KE
it deletes the MD, and then kicks of a new KE calculation
passing that a fake-md.
Problem is in complete_v2_state_transition() which gets passed
a reference to the original, and now deleted MD and then tries
to use that to find ST. Just by luck, the fake_md, gets allocated
the same location as the deleted MD.
More information about the Swan-commit
mailing list