aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorBenoît Ganne <bganne@cisco.com>2019-07-18 17:33:42 +0200
committerOle Trøan <otroan@employees.org>2019-10-04 14:01:06 +0000
commit7233846ce93fddef495a1029ca211f42afe046f2 (patch)
treebcc1fbbc8dd360c4f0b5a96acab978c8948c89b0 /src
parentb0a7c484eec9a813751e6e3fa71a9955ad5f0f74 (diff)
nat: fix use-after-free
Type: fix Change-Id: Iac91c086c4e975f0bada058f40b7b7d4475377f8 Signed-off-by: Benoît Ganne <bganne@cisco.com>
Diffstat (limited to 'src')
-rw-r--r--src/plugins/nat/nat_inlines.h10
1 files changed, 6 insertions, 4 deletions
diff --git a/src/plugins/nat/nat_inlines.h b/src/plugins/nat/nat_inlines.h
index e3a6f1942f7..a7ab235f40e 100644
--- a/src/plugins/nat/nat_inlines.h
+++ b/src/plugins/nat/nat_inlines.h
@@ -172,8 +172,12 @@ nat44_delete_session (snat_main_t * sm, snat_session_t * ses,
snat_main_per_thread_data_t *tsm = vec_elt_at_index (sm->per_thread_data,
thread_index);
clib_bihash_kv_8_8_t kv, value;
- snat_user_key_t u_key;
snat_user_t *u;
+ const snat_user_key_t u_key = {
+ .addr = ses->in2out.addr,
+ .fib_index = ses->in2out.fib_index
+ };
+ const u8 u_static = snat_is_session_static (ses);
clib_dlist_remove (tsm->list_pool, ses->per_user_index);
pool_put_index (tsm->list_pool, ses->per_user_index);
@@ -181,13 +185,11 @@ nat44_delete_session (snat_main_t * sm, snat_session_t * ses,
vlib_set_simple_counter (&sm->total_sessions, thread_index, 0,
pool_elts (tsm->sessions));
- u_key.addr = ses->in2out.addr;
- u_key.fib_index = ses->in2out.fib_index;
kv.key = u_key.as_u64;
if (!clib_bihash_search_8_8 (&tsm->user_hash, &kv, &value))
{
u = pool_elt_at_index (tsm->users, value.value);
- if (snat_is_session_static (ses))
+ if (u_static)
u->nstaticsessions--;
else
u->nsessions--;