From d4aeb84c3f066b755b723163da292eab95bd1ef9 Mon Sep 17 00:00:00 2001
From: Benoît Ganne
Date: Thu, 18 Jul 2019 18:38:42 +0200
Subject: session: fix use-after-free
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Make sure to reinitialize data before free-ing it.

Type: fix

Change-Id: I45727c456d0345204d4825ecdd9690c5ebeb5e94
Signed-off-by: Benoît Ganne
---
 src/vnet/tcp/tcp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/vnet/tcp/tcp.c')

diff --git a/src/vnet/tcp/tcp.c b/src/vnet/tcp/tcp.c
index 75a45a448bd..8467ea4fd67 100644
--- a/src/vnet/tcp/tcp.c
+++ b/src/vnet/tcp/tcp.c
@@ -192,9 +192,9 @@ tcp_half_open_connection_del (tcp_connection_t * tc)
 {
 tcp_main_t *tm = vnet_get_tcp_main ();
 clib_spinlock_lock_if_init (&tm->half_open_lock);
- pool_put_index (tm->half_open_connections, tc->c_c_index);
 if (CLIB_DEBUG)
 clib_memset (tc, 0xFA, sizeof (*tc));
+ pool_put (tm->half_open_connections, tc);
 clib_spinlock_unlock_if_init (&tm->half_open_lock);
 }
 
-- cgit 1.2.3-korg
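Review bot: The new ordering in tcp_half_open_connection_del is only correct because `pool_put` locates the slot from the element pointer and never reads `tc->c_c_index`, which the debug-only `clib_memset (tc, 0xFA, ...)` has just overwritten, and nothing in the code records that dependency. A comment above the `if (CLIB_DEBUG)` line would keep a later edit from reintroducing the use-after-free by moving the poison back below the put or by switching back to `pool_put_index (..., tc->c_c_index)`: `/* Poison before releasing the slot: tc must not be touched after pool_put, and pool_put needs only the pointer, not c_c_index. */`. The poison is also compiled in only when CLIB_DEBUG is set, so in release builds a stale reference to a deleted half-open connection would still read intact-looking fields; that looks intentional but is worth stating in the same comment. The function's return-type line sits above the hunk, so only the body is visible here.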