Fix double-free issue in pf_destroy_context()

In commit dc7be6d078ba106f9b0de12f3e879c3561c3c537 the string_alloc() call
in pf_init_context() was modified to use the gc_arena object for memory
allocation.  What was not taken into consideration was that
pf_destroy_context() was also freeing memory allocated by string_alloc(),
and when pf_init_context() is calling gc_free() a double-free situation
showed up.

Lets remove the explict free, and let gc_free take care of all the memory
handling.

Reported-by: cuzz@163.com
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: 1352196216-11560-1-git-send-email-dazo@users.sourceforge.net
URL: http://article.gmane.org/gmane.network.openvpn.devel/7124
(cherry picked from commit 1f300fe94f1bd521966bb05dea40edc1fae82b84)

diff --git a/src/openvpn/pf.c b/src/openvpn/pf.c
index 3c468019c8a1b9dceab68f81cc52c25bb9b21e41..aafe9ff096571ae57efa6afa583b094a547bd779 100644 (file)
--- a/src/openvpn/pf.c
+++ b/src/openvpn/pf.c
@@ -606,7 +606,6 @@ pf_destroy_context (struct pf_context *pfc)
   if (pfc->filename)
     {
       platform_unlink (pfc->filename);
-      free (pfc->filename);
     }
 #endif
   if (pfc->pfs)