New commits:
commit 6640bfe7a76727650e3e23f9c685e27f6cc88186
Author: Andrew Cagney <[email protected]>
Date: Fri Feb 2 20:53:37 2018 -0500
xauth: purge free(xauth) and callback code from xauth_abort() (fix double
free)
The fork-callback (xauth_pam_child_cleanup()), which is "always" called,
is responsible for freeing the context parameter / xauth struct. Freeing
the xauth struct early, in xauth_abort(), causes a use-after-free and
double-free. See cda486a95acc829c7461c7e6e66d6dd322fc3eec.
("always"? During shutdown, because exit() is called directly from an
event handler, the fork-callback doesn't get a chance to run. Oops.)
Since glibc's pthreads are no longer being used, the hack in
xauth_abort() to callback early because pthread cancel was broken
isn't needed (remember it is using kill(SIGKILL)).
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
