From: David Sommerseth
Date: Tue, 6 Nov 2012 09:59:01 +0000 (+0100)
Subject: Fix double-free issue in pf_destroy_context()
X-Git-Tag: v2.4_alpha1~628
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f300fe94f1bd521966bb05dea40edc1fae82b84;p=thirdparty%2Fopenvpn.git

Fix double-free issue in pf_destroy_context()

In commit dc7be6d078ba106f9b0de12f3e879c3561c3c537 the string_alloc() call in pf_init_context() was modified to use the gc_arena object for memory allocation. What was not taken into consideration was that pf_destroy_context() was also freeing memory allocated by string_alloc(), and when pf_init_context() is calling gc_free() a double-free situation showed up.

Let's remove the explicit free, and let gc_free take care of all the memory handling.

Reported-by: cuzz@163.com
Signed-off-by: David Sommerseth
Acked-by: Gert Doering
Message-Id: 1352196216-11560-1-git-send-email-dazo@users.sourceforge.net
URL: http://article.gmane.org/gmane.network.openvpn.devel/7124
--- diff --git a/src/openvpn/pf.c b/src/openvpn/pf.c index 3c468019c..aafe9ff09 100644 --- a/src/openvpn/pf.c +++ b/src/openvpn/pf.c @@ -606,7 +606,6 @@ pf_destroy_context (struct pf_context *pfc) if (pfc->filename) { platform_unlink (pfc->filename); - free (pfc->filename); } #endif if (pfc->pfs)
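
Review bot: The retained `platform_unlink (pfc->filename);` in pf_destroy_context() still reads a string whose storage now belongs to the gc_arena used in pf_init_context(), so the lifetime of that arena needs checking before this goes in. The commit message says pf_init_context() calls gc_free(); if that happens before pf_destroy_context() runs, the unlink operates on freed memory and the double free has only been traded for a use-after-free. Please either confirm that the arena outlives the pf_context, or allocate the filename with a single owner that is released here, and add a comment at this site stating who owns pfc->filename. If the pointer is meant to stay in the context after teardown, setting `pfc->filename = NULL;` after the unlink would also make a stale reuse fail visibly.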