From c9232acef855b51d1bc199a68c03c0695ac11192 Mon Sep 17 00:00:00 2001
From: Sander Vrijders
Date: Fri, 21 Jun 2019 19:09:14 +0200
Subject: ipcpd: Fix use after free and uninitalized value

This fixes a use after free in an error condition, and makes sure that pid is set in the flow_set early on, so flow_set_destroy won't create a prefix with an uninitialized pid in case of an error in shm_flow_set_create.

Signed-off-by: Sander Vrijders
Signed-off-by: Dimitri Staessens
---
 src/lib/shm_flow_set.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib/shm_flow_set.c')

diff --git a/src/lib/shm_flow_set.c b/src/lib/shm_flow_set.c
index f1182a4d..e1e6c30d 100644
--- a/src/lib/shm_flow_set.c
+++ b/src/lib/shm_flow_set.c
@@ -148,6 +148,8 @@ struct shm_flow_set * shm_flow_set_create(pid_t pid)
  if (set == NULL)
  goto fail_set;
 
+ set->pid = getpid();
+
  if (pthread_mutexattr_init(&mattr))
  goto fail_mutexattr_init;
 
@@ -180,8 +182,6 @@ struct shm_flow_set * shm_flow_set_create(pid_t pid)
  for (i = 0; i < SYS_MAX_FLOWS; ++i)
  set->mtable[i] = -1;
 
- set->pid = getpid();
-
  return set;
 
  fail_init:
-- 
cgit v1.2.3
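Review bot: The assignment added at the top of the first hunk stores `getpid()` even though the function receives a `pid` argument, as the hunk header `shm_flow_set_create(pid_t pid)` shows. The creation call is outside the hunk, so this is an inference, but if the set is named from that argument, a caller passing a pid other than its own would leave `set->pid` referring to a different name. The cleanup path the commit message describes would then build its prefix from the wrong pid, leaving the created object behind or touching one that belongs to another process. Consider `set->pid = pid;`, or, if a process may only ever create its own set, a short comment next to the assignment saying so. The function body starts and ends outside both hunks.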