From: Ben Pfaff <blp@nicira.com>
Date: Wed, 14 Apr 2010 23:02:38 +0000 (-0700)
Subject: stream-ssl: Avoid access-after-free error in update_ssl_config().
X-Git-Tag: v1.0.0~152
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=2b1a27a1f834fd5f02cd1c376769bf5450805983;p=sliver-openvswitch.git

stream-ssl: Avoid access-after-free error in update_ssl_config().

Commit b84f503d "stream-ssl: Read existing CA certificate more eagerly
during bootstrap" inadvertently introduced an access-after-free error:

  do_ca_cert_bootstrap() calls
    stream_ssl_set_ca_cert_file(ca_cert.file_name, true), which calls
      update_ssl_config(&ca_cert, file_name), which calls
        free(ca_cert.file_name) then xstrdup(ca_cert.file_name).

Fix the problem.

Reported-by: Cedric Hobbs <cedric@nicira.com>
Reported-by: Peter Balland <peter@nicira.com>
---

diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
index 153357cd7..aeca21ecc 100644
--- a/lib/stream-ssl.c
+++ b/lib/stream-ssl.c
@@ -954,9 +954,12 @@ update_ssl_config(struct ssl_config_file *config, const char *file_name)
         return false;
     }
 
+    /* Update 'config'. */
     config->mtime = mtime;
-    free(config->file_name);
-    config->file_name = xstrdup(file_name);
+    if (file_name != config->file_name) {
+        free(config->file_name);
+        config->file_name = xstrdup(file_name);
+    }
     return true;
 }