Merge pull request #18488 from maribu/backport/2022.07/ccn-lite-388

pkg/ccn-lite: patch to fix use-after-free [backport 2022.07]
RIOT-OS · Aug 23, 2022 · b2a5427 · b2a5427
2 parents 9262f36 + 9d27ba2
commit b2a5427
Showing 1 changed file with 37 additions and 0 deletions.
diff --git a/pkg/ccn-lite/patches/0004-ccnl_content_remove-Fix-use-after-free.patch b/pkg/ccn-lite/patches/0004-ccnl_content_remove-Fix-use-after-free.patch
@@ -0,0 +1,37 @@
+From e6e2d9184130fbf3f3403723b0f292fe1bb239f7 Mon Sep 17 00:00:00 2001
+From: chrysn <[email protected]>
+Date: Sat, 20 Aug 2022 16:44:15 +0200
+Subject: [PATCH] ccnl_content_remove: Fix use-after-free
+
+---
+ src/ccnl-core/src/ccnl-relay.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/ccnl-core/src/ccnl-relay.c b/src/ccnl-core/src/ccnl-relay.c
+index 57a11800..05e19903 100644
+--- a/src/ccnl-core/src/ccnl-relay.c
++++ b/src/ccnl-core/src/ccnl-relay.c
+@@ -533,6 +533,10 @@ ccnl_content_remove(struct ccnl_relay_s *ccnl, struct ccnl_content_s *c)
+     c2 = c->next;
+     DBL_LINKED_LIST_REMOVE(ccnl->contents, c);
+
++#ifdef CCNL_RIOT
++    evtimer_del((evtimer_t *)(&ccnl_evtimer), (evtimer_event_t *)&c->evtmsg_cstimeout);
++#endif
++
+ //    free_content(c);
+     if (c->pkt) {
+         ccnl_prefix_free(c->pkt->pfx);
+@@ -543,9 +547,6 @@ ccnl_content_remove(struct ccnl_relay_s *ccnl, struct ccnl_content_s *c)
+     ccnl_free(c);
+
+     ccnl->contentcnt--;
+-#ifdef CCNL_RIOT
+-    evtimer_del((evtimer_t *)(&ccnl_evtimer), (evtimer_event_t *)&c->evtmsg_cstimeout);
+-#endif
+     return c2;
+ }
+
+-- 
+2.36.1
+