[Swan-commit] Changes to ref refs/heads/main

Andrew Cagney cagney at vault.libreswan.fi
Tue Mar 2 02:08:43 UTC 2021

New commits:
commit 923cba70f4604365807aedd70d89f1d5bee9187e
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Mar 1 19:08:48 2021 -0500

    sec-label: fix leak when parsing IKEv2 TS security labels
    Change struct traffic_selector's .sec_label to a shunk_t.
    It alwas points into someone elses memory, for instance:
    - in v2_parse_ts(), the struct pbs_in's packet
    - in ikev2_end_to_ts(), the state's .st_{seen,acquired}_sec_label
    - in ind_connection_for_clients(), the acquire's XFRM buffer
    Also change se_label_match()'s first parameter to shunk_t so that it
    matches .sec_label (and lets HUNK_AS_SHUNK() do its job).

More information about the Swan-commit mailing list