diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-02-09 15:00:59 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-02-09 15:37:04 +0100 |
commit | 4b5d15ec2b1f148b4f718ed16d7e7f022b19fe1b (patch) | |
tree | 50c84857953c97478e3f3f7e9ebd97636f9c1129 | |
parent | 6548a682a9a06cf7041e25f7aa5ac57f1f4cf3b4 (diff) |
device: lock elem in autodraining queue before freeing
Without this, we wind up freeing packets that the encryption/decryption
queues still have, resulting in a UaF.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r-- | device/channels.go | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/device/channels.go b/device/channels.go index 8cd6aee..4bd6090 100644 --- a/device/channels.go +++ b/device/channels.go @@ -89,6 +89,7 @@ func newAutodrainingInboundQueue(device *Device) chan *QueueInboundElement { if elem == nil { continue } + elem.Lock() device.PutMessageBuffer(elem.buffer) device.PutInboundElement(elem) default: @@ -118,6 +119,7 @@ func newAutodrainingOutboundQueue(device *Device) chan *QueueOutboundElement { if elem == nil { continue } + elem.Lock() device.PutMessageBuffer(elem.buffer) device.PutOutboundElement(elem) default: |