From d4aeb84c3f066b755b723163da292eab95bd1ef9 Mon Sep 17 00:00:00 2001 From: Benoît Ganne Date: Thu, 18 Jul 2019 18:38:42 +0200 Subject: session: fix use-after-free MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Make sure to reinitialize data before free-ing it. Type: fix Change-Id: I45727c456d0345204d4825ecdd9690c5ebeb5e94 Signed-off-by: Benoît Ganne --- src/vnet/session/application.c | 2 +- src/vnet/session/application_worker.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src/vnet/session') diff --git a/src/vnet/session/application.c b/src/vnet/session/application.c index d4f3d61ab61..583c4b055ee 100644 --- a/src/vnet/session/application.c +++ b/src/vnet/session/application.c @@ -52,9 +52,9 @@ static void app_listener_free (application_t * app, app_listener_t * app_listener) { clib_bitmap_free (app_listener->workers); - pool_put (app->listeners, app_listener); if (CLIB_DEBUG) clib_memset (app_listener, 0xfa, sizeof (*app_listener)); + pool_put (app->listeners, app_listener); } session_handle_t diff --git a/src/vnet/session/application_worker.c b/src/vnet/session/application_worker.c index 30edf3c32cc..c45679735b9 100644 --- a/src/vnet/session/application_worker.c +++ b/src/vnet/session/application_worker.c @@ -109,9 +109,9 @@ app_worker_free (app_worker_t * app_wrk) segment_manager_free (sm); } - pool_put (app_workers, app_wrk); if (CLIB_DEBUG) clib_memset (app_wrk, 0xfe, sizeof (*app_wrk)); + pool_put (app_workers, app_wrk); } application_t * -- cgit 1.2.3-korg