diff options
author | Benoît Ganne <bganne@cisco.com> | 2021-06-22 15:39:16 +0200 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2021-08-20 11:36:51 +0000 |
commit | 37665ea1c11ea13e681e37da669ea3581a84252d (patch) | |
tree | 2d117bc29fd84634231a54e721609b7dc44ee697 /src | |
parent | ea1f491314caaf083f1936fe099b974d4b284ba7 (diff) |
ikev2: fix use-after-free
Type: fix
Change-Id: Ia3bacefdad674807de873b5c457b8470f66193f3
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/plugins/ikev2/ikev2.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c index 4f0e49fe5be..cfcbcd4bc5f 100644 --- a/src/plugins/ikev2/ikev2.c +++ b/src/plugins/ikev2/ikev2.c @@ -5208,7 +5208,8 @@ ikev2_mngr_process_fn (vlib_main_t * vm, vlib_node_runtime_t * rt, vec_foreach (sai, to_be_deleted) { sa = pool_elt_at_index (tkm->sas, sai[0]); - u8 reinitiate = (sa->is_initiator && sa->profile_index != ~0); + const u32 profile_index = sa->profile_index; + const int reinitiate = (sa->is_initiator && profile_index != ~0); vec_foreach (c, sa->childs) { ikev2_delete_tunnel_interface (km->vnet_main, sa, c); @@ -5220,7 +5221,7 @@ ikev2_mngr_process_fn (vlib_main_t * vm, vlib_node_runtime_t * rt, if (reinitiate) { - p = pool_elt_at_index (km->profiles, sa->profile_index); + p = pool_elt_at_index (km->profiles, profile_index); if (p) { clib_error_t *e = ikev2_initiate_sa_init (vm, p->name); |