From 7391156ce68a81f258d65f498ec6161d694fae47 Mon Sep 17 00:00:00 2001
From: Benoît Ganne
Date: Wed, 16 Oct 2019 15:08:37 +0200
Subject: fib: fix use-after-free for interface adj removal
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Type: fix
Change-Id: I82308e368d14d84f5970dad229bdcf2de7d1839d
Signed-off-by: Benoît Ganne
---
 src/vnet/adj/adj_nbr.c | 3 +++
 1 file changed, 3 insertions(+) (limited to 'src')
diff --git a/src/vnet/adj/adj_nbr.c b/src/vnet/adj/adj_nbr.c
index cbd6691f78f..7f053c82d59 100644
--- a/src/vnet/adj/adj_nbr.c
+++ b/src/vnet/adj/adj_nbr.c
@@ -823,12 +823,15 @@ adj_nbr_interface_delete_one (adj_index_t ai,
 };
 ip_adjacency_t *adj;
+ adj_lock(ai);
+
 adj = adj_get(ai);
 adj->ia_flags |= ADJ_FLAG_SYNC_WALK_ACTIVE;
 fib_walk_sync(FIB_NODE_TYPE_ADJ, ai, &bw_ctx);
 adj->ia_flags &= ~ADJ_FLAG_SYNC_WALK_ACTIVE;
+ adj_unlock(ai);
 return (ADJ_WALK_RC_CONTINUE);
 }
-- 
cgit 1.2.3-korg
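Review bot: The `adj` pointer fetched before `fib_walk_sync()` is dereferenced again afterwards in `adj->ia_flags &= ~ADJ_FLAG_SYNC_WALK_ACTIVE;`, and the added `adj_lock(ai)` presumably only keeps this one adjacency from being released during the walk. If the back-walk can allocate adjacencies and the backing storage can move as a result (neither is visible in this hunk), that write would land on stale memory; re-fetching with `adj = adj_get(ai);` right after the walk would close that gap cheaply. The lock/unlock pair also has no comment saying why it exists; something like `/* hold a lock: the walk may drop the last reference to this adj */` above `adj_lock(ai)` would help, along with a note that `adj` must not be touched after `adj_unlock(ai)` since that call may be the final release. The function's signature and the start of its body lie outside the hunk.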