summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBenoît Ganne <bganne@cisco.com>2021-06-22 15:39:16 +0200
committerDamjan Marion <dmarion@me.com>2021-08-20 11:36:51 +0000
commit37665ea1c11ea13e681e37da669ea3581a84252d (patch)
tree2d117bc29fd84634231a54e721609b7dc44ee697
parentea1f491314caaf083f1936fe099b974d4b284ba7 (diff)
ikev2: fix use-after-free
Type: fix Change-Id: Ia3bacefdad674807de873b5c457b8470f66193f3 Signed-off-by: Benoît Ganne <bganne@cisco.com>
-rw-r--r--src/plugins/ikev2/ikev2.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index 4f0e49fe5be..cfcbcd4bc5f 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -5208,7 +5208,8 @@ ikev2_mngr_process_fn (vlib_main_t * vm, vlib_node_runtime_t * rt,
vec_foreach (sai, to_be_deleted)
{
sa = pool_elt_at_index (tkm->sas, sai[0]);
- u8 reinitiate = (sa->is_initiator && sa->profile_index != ~0);
+ const u32 profile_index = sa->profile_index;
+ const int reinitiate = (sa->is_initiator && profile_index != ~0);
vec_foreach (c, sa->childs)
{
ikev2_delete_tunnel_interface (km->vnet_main, sa, c);
@@ -5220,7 +5221,7 @@ ikev2_mngr_process_fn (vlib_main_t * vm, vlib_node_runtime_t * rt,
if (reinitiate)
{
- p = pool_elt_at_index (km->profiles, sa->profile_index);
+ p = pool_elt_at_index (km->profiles, profile_index);
if (p)
{
clib_error_t *e = ikev2_initiate_sa_init (vm, p->name);