]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b9d19ab)
network: fix double free in macsec_receive_channel_free()
authorYu Watanabe <watanabe.yu+github@gmail.com>
Fri, 29 May 2020 07:56:09 +0000 (16:56 +0900)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Mon, 1 Jun 2020 07:39:46 +0000 (09:39 +0200)
Fixes #15941.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22547

src/network/netdev/macsec.c patch | blob | blame | history
test/fuzz/fuzz-netdev-parser/oss-fuzz-22547 [new file with mode: 0644] patch | blob

diff --git a/src/network/netdev/macsec.c b/src/network/netdev/macsec.c
index 3542f9652a38239a45c27d58a754f4231094c02b..8f7559e9ae7a8ad21ba23f9d4fac997171d86e99 100644 (file)
--- a/src/network/netdev/macsec.c
+++ b/src/network/netdev/macsec.c
@@ -102,7 +102,7 @@ static void macsec_receive_channel_free(ReceiveChannel *c) {
 
         if (c->macsec) {
                 if (c->sci.as_uint64 > 0)
-                        ordered_hashmap_remove(c->macsec->receive_channels, &c->sci.as_uint64);
+                        ordered_hashmap_remove_value(c->macsec->receive_channels, &c->sci.as_uint64, c);
 
                 if (c->section)
                         ordered_hashmap_remove(c->macsec->receive_channels_by_section, c->section);
diff --git a/test/fuzz/fuzz-netdev-parser/oss-fuzz-22547 b/test/fuzz/fuzz-netdev-parser/oss-fuzz-22547
new file mode 100644 (file)
index 0000000..ca55a33
--- /dev/null
+++ b/test/fuzz/fuzz-netdev-parser/oss-fuzz-22547
@@ -0,0 +1,10 @@
+[NetDev]
+Name=o
+Kind=macsec
+
+[MACsecReceiveChannel]
+MACAddress=12.0.4
+Port=913
+[MACsecReceiveChannel]
+MACAddress=12.0.4
+Port=913
Unnamed repository; edit this file 'description' to name the repository.