From a2fbe9f3f9938cf3e6fcfad9fe6fc9044f990fe8 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 16 Sep 2024 15:08:36 +0900 Subject: [PATCH] network/sysctl-monitor: fix use-after-free Previously, manager_free() did not assign NULL to Manager.sysctl_shadow, hence sysctl_clear_link_shadows() called by link_free() will causes use-after-free. To fix the issue, this makes Manager.sysctl_shadow will be set to NULL after it is freed, Fixes a bug introduced by 6d9ef22acdeac4b429efb75164341233955484af. --- src/network/networkd-manager.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c index 9925f3c25ae..631ab855626 100644 --- a/src/network/networkd-manager.c +++ b/src/network/networkd-manager.c @@ -624,7 +624,7 @@ Manager* manager_free(Manager *m) { HASHMAP_FOREACH(link, m->links_by_index) (void) link_stop_engines(link, true); - hashmap_free(m->sysctl_shadow); + m->sysctl_shadow = hashmap_free(m->sysctl_shadow); m->request_queue = ordered_set_free(m->request_queue); m->remove_request_queue = ordered_set_free(m->remove_request_queue); -- 2.47.3