New commits:

commit c74c60162bc9648658ab48b6d53bee458603610e
Author: Andrew Cagney <cag...@gnu.org>
Date: Tue Dec 12 14:46:16 2017 -0500

crypt: don't share DH secret between main and crypto helper threads

Instead transfer it back and forth between the state and helper objects so that, at any point, there is only one owner. Blame IKEv1 for this added complexity in the comments; pure IKEv2 can simply send and forget.

Fixes a use-after-free where the main thread deletes the DH secret while the crypto helper is still trying to use it.

Does not fix a leak of the DH secret where the crypto helper either gets cancelled or finds its state was deleted.

_______________________________________________
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit
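
The single-owner handoff the commit message describes, as an added example that is not libreswan's code: a single-threaded model in which the secret pointer is moved, never copied, between a state object and a helper task. All type and function names are hypothetical, and the release in `helper_finish` when the state is gone is this example's own choice, covering a case the commit message says the commit does not fix.

```c
#include <stdlib.h>
/* Hypothetical types and names for illustration; not libreswan's. */
struct dh_secret { unsigned char key[32]; };
struct state { struct dh_secret *secret; };          /* main-thread object */
struct task  { struct dh_secret *secret; int state_alive; }; /* helper object */

static int live_secrets; /* allocation counter: exposes leaks and double frees */

struct dh_secret *secret_new(void) {
    struct dh_secret *s = calloc(1, sizeof(*s));
    if (s != NULL) live_secrets++;
    return s;
}

/* Free through the owner's slot and clear it, so a second call is a no-op. */
void secret_free(struct dh_secret **slot) {
    if (*slot == NULL) return;
    free(*slot);
    *slot = NULL;
    live_secrets--;
}

/* Move, never copy: the source slot is cleared so only one owner remains. */
void secret_move(struct dh_secret **dst, struct dh_secret **src) {
    *dst = *src;
    *src = NULL;
}

/* Main thread hands the secret to the helper before queuing the work. */
void submit_to_helper(struct state *st, struct task *t) {
    secret_move(&t->secret, &st->secret);
    t->state_alive = 1;
}

/* Main thread deletes the state; it frees only what it still owns. */
void state_delete(struct state *st, struct task *pending) {
    secret_free(&st->secret);
    if (pending != NULL) pending->state_alive = 0;
}

/* Helper done: returns 1 if the secret went back to the state, 0 if released. */
int helper_finish(struct task *t, struct state *st) {
    if (t->state_alive) {
        secret_move(&st->secret, &t->secret);
        return 1;
    }
    secret_free(&t->secret);
    return 0;
}
```

In a threaded program the `state_alive` flag and the handoff itself would need synchronization, which this model leaves out.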