summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFilip Tehlar <ftehlar@cisco.com>2019-10-02 09:08:04 +0000
committerAndrew Yourtchenko <ayourtch@gmail.com>2019-10-27 10:01:11 +0000
commit86a247310c73922166cce604ecf7cc12f4115aad (patch)
treeac2d5711e7bc806ea784cc799e76ea44fc26481b
parent0d2f654a03c98ffd933b0695e1ef9d70ada4d466 (diff)
ikev2: fix dangling pointer
Type: fix Change-Id: I8aa9029e0a5cf21aa24a90b39eb2787653f65abb Signed-off-by: Filip Tehlar <ftehlar@cisco.com> (cherry picked from commit 1890e9ce57a4b6dbc732f8f11d78001bea7c5855)
-rw-r--r--src/plugins/ikev2/ikev2.c39
-rw-r--r--src/plugins/ikev2/ikev2_priv.h3
2 files changed, 28 insertions, 14 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index 3b47ee21724..e90f5a3bd3b 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -389,8 +389,9 @@ ikev2_complete_sa_data (ikev2_sa_t * sa, ikev2_sa_t * sai)
sa->iaddr.as_u32 = sai->iaddr.as_u32;
sa->raddr.as_u32 = sai->raddr.as_u32;
sa->is_initiator = sai->is_initiator;
- sa->profile = sai->profile;
sa->i_id.type = sai->i_id.type;
+ sa->profile_index = sai->profile_index;
+ sa->is_profile_index_set = sai->is_profile_index_set;
sa->i_id.data = _(sai->i_id.data);
sa->i_auth.method = sai->i_auth.method;
sa->i_auth.hex = sai->i_auth.hex;
@@ -1478,6 +1479,8 @@ static int
ikev2_create_tunnel_interface (vnet_main_t * vnm, ikev2_sa_t * sa,
ikev2_child_sa_t * child)
{
+ ikev2_main_t *km = &ikev2_main;
+ ikev2_profile_t *p = 0;
ipsec_add_del_tunnel_args_t a;
ikev2_sa_transform_t *tr;
ikev2_sa_proposal_t *proposals;
@@ -1628,11 +1631,14 @@ ikev2_create_tunnel_interface (vnet_main_t * vnm, ikev2_sa_t * sa,
a.remote_crypto_key_len = vec_len (rem_ckey);
clib_memcpy_fast (a.remote_crypto_key, rem_ckey, a.remote_crypto_key_len);
- if (sa->profile && sa->profile->lifetime)
+ if (sa->is_profile_index_set)
+ p = pool_elt_at_index (km->profiles, sa->profile_index);
+
+ if (p && p->lifetime)
{
- child->time_to_expiration = vlib_time_now (vnm->vlib_main)
- + sa->profile->lifetime;
- if (sa->profile->lifetime_jitter)
+ child->time_to_expiration =
+ vlib_time_now (vnm->vlib_main) + p->lifetime;
+ if (p->lifetime_jitter)
{
// This is not much better than rand(3), which Coverity warns
// is unsuitable for security applications; random_u32 is
@@ -1642,8 +1648,7 @@ ikev2_create_tunnel_interface (vnet_main_t * vnm, ikev2_sa_t * sa,
u32 rnd = (u32) (vlib_time_now (vnm->vlib_main) * 1e6);
rnd = random_u32 (&rnd);
- child->time_to_expiration +=
- 1 + (rnd % sa->profile->lifetime_jitter);
+ child->time_to_expiration += 1 + (rnd % p->lifetime_jitter);
}
}
@@ -2996,7 +3001,8 @@ ikev2_initiate_sa_init (vlib_main_t * vm, u8 * name)
ikev2_sa_free_proposal_vector (&proposals);
sa.is_initiator = 1;
- sa.profile = p;
+ sa.profile_index = km->profiles - p;
+ sa.is_profile_index_set = 1;
sa.state = IKEV2_STATE_SA_INIT;
ikev2_generate_sa_init_data (&sa);
ikev2_payload_add_ke (chain, sa.dh_group, sa.i_dh_data);
@@ -3353,17 +3359,21 @@ static u8
ikev2_mngr_process_child_sa (ikev2_sa_t * sa, ikev2_child_sa_t * csa)
{
ikev2_main_t *km = &ikev2_main;
+ ikev2_profile_t *p = 0;
vlib_main_t *vm = km->vlib_main;
f64 now = vlib_time_now (vm);
u8 res = 0;
- if (sa->is_initiator && sa->profile && csa->time_to_expiration
+ if (sa->is_profile_index_set)
+ p = pool_elt_at_index (km->profiles, sa->profile_index);
+
+ if (sa->is_initiator && p && csa->time_to_expiration
&& now > csa->time_to_expiration)
{
if (!csa->is_expired || csa->rekey_retries > 0)
{
ikev2_rekey_child_sa_internal (vm, sa, csa);
- csa->time_to_expiration = now + sa->profile->handover;
+ csa->time_to_expiration = now + p->handover;
csa->is_expired = 1;
if (csa->rekey_retries == 0)
{
@@ -3399,6 +3409,7 @@ ikev2_mngr_process_ipsec_sa (ipsec_sa_t * ipsec_sa)
vlib_main_t *vm = km->vlib_main;
ikev2_main_per_thread_data_t *tkm;
ikev2_sa_t *fsa = 0;
+ ikev2_profile_t *p = 0;
ikev2_child_sa_t *fchild = 0;
f64 now = vlib_time_now (vm);
vlib_counter_t counts;
@@ -3423,10 +3434,12 @@ ikev2_mngr_process_ipsec_sa (ipsec_sa_t * ipsec_sa)
vlib_get_combined_counter (&ipsec_sa_counters,
ipsec_sa->stat_index, &counts);
- if (fchild && fsa && fsa->profile && fsa->profile->lifetime_maxdata)
+ if (fsa && fsa->is_profile_index_set)
+ p = pool_elt_at_index (km->profiles, fsa->profile_index);
+
+ if (fchild && p && p->lifetime_maxdata)
{
- if (!fchild->is_expired
- && counts.bytes > fsa->profile->lifetime_maxdata)
+ if (!fchild->is_expired && counts.bytes > p->lifetime_maxdata)
{
fchild->time_to_expiration = now;
}
diff --git a/src/plugins/ikev2/ikev2_priv.h b/src/plugins/ikev2/ikev2_priv.h
index cfdc24f797a..0fedc15310a 100644
--- a/src/plugins/ikev2/ikev2_priv.h
+++ b/src/plugins/ikev2/ikev2_priv.h
@@ -250,7 +250,8 @@ typedef struct
u8 is_initiator;
u32 last_init_msg_id;
- ikev2_profile_t *profile;
+ u8 is_profile_index_set;
+ u32 profile_index;
ikev2_child_sa_t *childs;
} ikev2_sa_t;