git.ipfire.org Git - thirdparty/strongswan.git/commit
cred-encoding: Avoid potential use after free when caching encodings
author Tobias Brunner <tobias@strongswan.org>
Thu, 18 Aug 2022 10:04:39 +0000 (12:04 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Tue, 20 Sep 2022 07:53:13 +0000 (09:53 +0200)
commit 48e9267d7a0d961647114add028438d544447772
tree d96df49606539f072e541dcbd075d039f4ff5a12
parent 724b1a8ae871d645961be81416843818d8bdd2fd
cred-encoding: Avoid potential use after free when caching encodings

The pattern currently is to call get_cache(), generate the encoding
if that failed and then store it with cache().  The latter adopts the
passed encoding and frees any stored encoding.  However, the latter means
that if two threads concurrently fail to get a cached encoding and then
both generate and store one, one of the threads might use an encoding
that was freed by the other thread.

Since encodings are not expected to change, we can avoid this issue by
not replacing an existing cache entry and instead return that (while
freeing the passed value instead of the cached one).

Closes strongswan/strongswan#1231
13 files changed:
src/libstrongswan/credentials/cred_encoding.c
src/libstrongswan/credentials/cred_encoding.h
src/libstrongswan/plugins/bliss/bliss_private_key.c
src/libstrongswan/plugins/bliss/bliss_public_key.c
src/libstrongswan/plugins/botan/botan_util.c
src/libstrongswan/plugins/curve25519/curve25519_private_key.c
src/libstrongswan/plugins/curve25519/curve25519_public_key.c
src/libstrongswan/plugins/openssl/openssl_ed_public_key.c
src/libstrongswan/plugins/openssl/openssl_util.c
src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c
src/libstrongswan/plugins/wolfssl/wolfssl_ec_public_key.c
src/libstrongswan/plugins/wolfssl/wolfssl_ed_public_key.c
src/libstrongswan/plugins/wolfssl/wolfssl_rsa_public_key.c
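
The store semantics described in the commit message above, replayed deterministically in C. This is an added example, not strongSwan's code: `enc_cache_t`, `enc_get_cache`, `enc_cache`, `enc_generate` and `replay_race` are hypothetical names, and a single-slot cache stands in for the real one.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical single-slot cache, not strongSwan's data structure. */
typedef struct {
    pthread_mutex_t lock;
    char *entry;                 /* owned by the cache once stored */
} enc_cache_t;

/* Lookup: returns the cached encoding, or NULL on a miss. */
static char *enc_get_cache(enc_cache_t *c) {
    pthread_mutex_lock(&c->lock);
    char *e = c->entry;
    pthread_mutex_unlock(&c->lock);
    return e;
}

/* Store without replacing: if an entry already exists, the passed encoding
 * is freed and the cached one is returned, so a pointer handed out earlier
 * is never invalidated by a later store. */
static char *enc_cache(enc_cache_t *c, char *encoding) {
    pthread_mutex_lock(&c->lock);
    if (c->entry) {
        free(encoding);          /* loser of the race drops its own copy */
        encoding = c->entry;
    } else {
        c->entry = encoding;     /* cache adopts the first encoding */
    }
    pthread_mutex_unlock(&c->lock);
    return encoding;
}

/* Stand-in for generating an encoding (constructed sample data). */
static char *enc_generate(void) {
    char *e = malloc(8);
    return e ? strcpy(e, "DER-enc") : NULL;
}

/* Replays the interleaving: A and B both miss, then both generate and store. */
static int replay_race(void) {
    enc_cache_t c = { PTHREAD_MUTEX_INITIALIZER, NULL };
    int both_miss = !enc_get_cache(&c) && !enc_get_cache(&c);
    char *a = enc_cache(&c, enc_generate());   /* A stores first */
    char *b = enc_cache(&c, enc_generate());   /* B gets A's entry back */
    int ok = both_miss && a && a == b && strcmp(a, "DER-enc") == 0;
    free(c.entry);
    return ok;                   /* 1: both callers share one live buffer */
}
```

Callers must continue with the pointer `enc_cache()` returns rather than the one they passed in, since the passed buffer may have been freed.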