AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2026-03-06 16:30:10 +03:00
Code Releases Activity

Fix dangling pointer

Browse Source 
Previously, The address of a local stack variable was passed to a new
thread. Fix dangling pointer by switching to dynamic allocation.
This problem is also known as CVE-2025-25568.
This commit is contained in:
synqa
2026-01-18 22:13:46 +09:00
parent 041581ce30
commit 1b9ac396ba
1 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/Cedar/Command.c
View File

@ -99,6 +99,8 @@ void CheckNetworkAcceptThread(THREAD *thread, void *param)
Disconnect(s); Disconnect(s);
ReleaseSock(s); ReleaseSock(s);
Free(c);
} }
@ -155,15 +157,15 @@ void CheckNetworkListenThread(THREAD *thread, void *param)
} }
else else
{ {
CHECK_NETWORK_2 c; CHECK_NETWORK_2 *c;
THREAD *t; THREAD *t;
Zero(&c, sizeof(c)); c = ZeroMalloc(sizeof(CHECK_NETWORK_2));
c.s = new_sock; c->s = new_sock;
c.k = pri; c->k = pri;
c.x = x; c->x = x;
t = NewThread(CheckNetworkAcceptThread, &c); t = NewThread(CheckNetworkAcceptThread, c);
Insert(o, t); Insert(o, t);
} }
} }