[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Tue Mar 2 02:08:43 UTC 2021
New commits:
commit 923cba70f4604365807aedd70d89f1d5bee9187e
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Mar 1 19:08:48 2021 -0500
sec-label: fix leak when parsing IKEv2 TS security labels
Change struct traffic_selector's .sec_label to a shunk_t.
It alwas points into someone elses memory, for instance:
- in v2_parse_ts(), the struct pbs_in's packet
- in ikev2_end_to_ts(), the state's .st_{seen,acquired}_sec_label
- in ind_connection_for_clients(), the acquire's XFRM buffer
Also change se_label_match()'s first parameter to shunk_t so that it
matches .sec_label (and lets HUNK_AS_SHUNK() do its job).
More information about the Swan-commit
mailing list