New commits:
commit c74c60162bc9648658ab48b6d53bee458603610e
Author: Andrew Cagney <[email protected]>
Date: Tue Dec 12 14:46:16 2017 -0500

crypt: don't share DH secret between main and crypto helper threads

Instead transfer it back and forth between the state and helper
objects so that, at any point, there is only one owner. Blame IKEv1
for this added complexity in the comments; pure IKEv2 can simply send
and forget.

Fixes a use-after-free where the main thread deletes the DH secret
while the crypto helper is still trying to use it.

Does not fix a leak of the DH secret where the crypto helper either
gets cancelled or finds its state was deleted.
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit