From 3a031bf0e399bbe5244ab4659e97dcac660a9f99 Mon Sep 17 00:00:00 2001 From: Christian Decker Date: Wed, 17 Mar 2021 12:27:50 +0100 Subject: [PATCH] keysend: Fix a use-after-free error By stealing the underlying buffer we could end up freeing it, causing the next read to access a freed buffer. Copying is however safe. --- plugins/keysend.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/keysend.c b/plugins/keysend.c index e3dd2d37a..24743389d 100644 --- a/plugins/keysend.c +++ b/plugins/keysend.c @@ -156,7 +156,7 @@ static struct command_result *json_keysend(struct command *cmd, const char *buf, p = payment_new(cmd, cmd, NULL /* No parent */, pay_mods); p->local_id = &my_id; - p->json_buffer = tal_steal(p, buf); + p->json_buffer = tal_dup_talarr(p, const char, buf); p->json_toks = params; p->destination = tal_steal(p, destination); p->destination_has_tlv = true;