From: Yu Watanabe Date: Mon, 16 Sep 2024 06:08:36 +0000 (+0900) Subject: network/sysctl-monitor: fix use-after-free X-Git-Tag: v257-rc1~421^2~2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a2fbe9f3f9938cf3e6fcfad9fe6fc9044f990fe8;p=thirdparty%2Fsystemd.git network/sysctl-monitor: fix use-after-free Previously, manager_free() did not assign NULL to Manager.sysctl_shadow, hence sysctl_clear_link_shadows() called by link_free() caused a use-after-free. To fix the issue, this makes Manager.sysctl_shadow be set to NULL after it is freed. Fixes a bug introduced by 6d9ef22acdeac4b429efb75164341233955484af. --- diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c index 9925f3c25ae..631ab855626 100644 --- a/src/network/networkd-manager.c +++ b/src/network/networkd-manager.c @@ -624,7 +624,7 @@ Manager* manager_free(Manager *m) { HASHMAP_FOREACH(link, m->links_by_index) (void) link_stop_engines(link, true); - hashmap_free(m->sysctl_shadow); + m->sysctl_shadow = hashmap_free(m->sysctl_shadow); m->request_queue = ordered_set_free(m->request_queue); m->remove_request_queue = ordered_set_free(m->remove_request_queue);
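Review bot: At the changed line in manager_free(), `m->sysctl_shadow = hashmap_free(m->sysctl_shadow);`, the fix only holds if sysctl_clear_link_shadows() treats a NULL Manager.sysctl_shadow as an empty map, and that function is not part of this diff. Please confirm that it does, or add an explicit NULL check there, so that the later call from link_free() described in the commit message becomes a no-op rather than trading the use-after-free for a NULL dereference. The assignment matches the `m->request_queue = ordered_set_free(m->request_queue);` idiom on the context lines that follow, which is good; a one-line comment at this spot noting that link_free() still consults the pointer after it is freed would keep that ordering dependency from being lost in a later refactor of manager_free().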