AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2026-01-19 18:00:11 +03:00
Code Releases Activity

Fix dangling pointer

Browse Source 
Previously, The address of a local stack variable was passed to a new
thread. Fix dangling pointer by switching to dynamic allocation.
This problem is also known as CVE-2025-25568.
This commit is contained in:
synqa
2026-01-18 22:13:46 +09:00
parent 041581ce30
commit 1b9ac396ba
1 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/Cedar/Command.c
View File

@ -99,6 +99,8 @@ void CheckNetworkAcceptThread(THREAD *thread, void *param)
Disconnect(s);
ReleaseSock(s);
Free(c);
}
@ -155,15 +157,15 @@ void CheckNetworkListenThread(THREAD *thread, void *param)
}
else
{
CHECK_NETWORK_2 c;
CHECK_NETWORK_2 *c;
THREAD *t;
Zero(&c, sizeof(c));
c.s = new_sock;
c.k = pri;
c.x = x;
c = ZeroMalloc(sizeof(CHECK_NETWORK_2));
c->s = new_sock;
c->k = pri;
c->x = x;
t = NewThread(CheckNetworkAcceptThread, &c);
t = NewThread(CheckNetworkAcceptThread, c);
Insert(o, t);
}
}