aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/hs_apps/echo_client.c
diff options
context:
space:
mode:
authorBenoît Ganne <bganne@cisco.com>2019-09-11 16:40:04 +0200
committerDave Wallace <dwallacelf@gmail.com>2019-09-12 14:18:14 +0000
commit58519563acc0933771172941291b7d0de2ffeddc (patch)
treebe3730ce6a9319c04576078c86d11d47849c4ac8 /src/plugins/hs_apps/echo_client.c
parent6d6456ab421ee30f14aded964bad2d3ba55bcf20 (diff)
hsa: fix memory management bugs
Fix use-after-free and non-null terminated string. Type: fix Change-Id: Ibba2a6cae68c612a34477aa813b3bf27a0c8fc1f Signed-off-by: Benoît Ganne <bganne@cisco.com>
Diffstat (limited to 'src/plugins/hs_apps/echo_client.c')
-rw-r--r--src/plugins/hs_apps/echo_client.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/src/plugins/hs_apps/echo_client.c b/src/plugins/hs_apps/echo_client.c
index dc1384ce4b5..076fca22deb 100644
--- a/src/plugins/hs_apps/echo_client.c
+++ b/src/plugins/hs_apps/echo_client.c
@@ -370,6 +370,7 @@ quic_echo_clients_qsession_connected_callback (u32 app_index, u32 api_context,
u8 thread_index = vlib_get_thread_index ();
session_endpoint_cfg_t sep = SESSION_ENDPOINT_CFG_NULL;
u32 stream_n;
+ session_handle_t handle;
DBG ("QUIC Connection handle %d", session_handle (s));
@@ -377,7 +378,7 @@ quic_echo_clients_qsession_connected_callback (u32 app_index, u32 api_context,
a->uri = (char *) ecm->connect_uri;
if (parse_uri (a->uri, &sep))
return -1;
- sep.parent_handle = session_handle (s);
+ sep.parent_handle = handle = session_handle (s);
for (stream_n = 0; stream_n < ecm->quic_streams; stream_n++)
{
@@ -394,8 +395,11 @@ quic_echo_clients_qsession_connected_callback (u32 app_index, u32 api_context,
}
DBG ("QUIC stream %d connected", stream_n);
}
- vec_add1 (ecm->quic_session_index_by_thread[thread_index],
- session_handle (s));
+ /*
+ * 's' is no longer valid, its underlying pool could have been moved in
+ * vnet_connect()
+ */
+ vec_add1 (ecm->quic_session_index_by_thread[thread_index], handle);
vec_free (a);
return 0;
}