aljaz/lightning
1
0
Fork 0
mirror of https://github.com/aljazceru/lightning.git synced 2025-12-19 15:14:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

keysend: Fix a use-after-free error

Browse Source 
By stealing the underlying buffer we could end up freeing it, causing
the next read to access a freed buffer. Copying is however safe.
This commit is contained in:
Christian Decker
2021-03-17 12:27:50 +01:00
committed by Rusty Russell
parent 286c526a81
commit 3a031bf0e3
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/keysend.c
View File

@@ -156,7 +156,7 @@ static struct command_result *json_keysend(struct command *cmd, const char *buf,
p = payment_new(cmd, cmd, NULL /* No parent */, pay_mods); p = payment_new(cmd, cmd, NULL /* No parent */, pay_mods);
p->local_id = &my_id; p->local_id = &my_id;
p->json_buffer = tal_steal(p, buf); p->json_buffer = tal_dup_talarr(p, const char, buf);
p->json_toks = params; p->json_toks = params;
p->destination = tal_steal(p, destination); p->destination = tal_steal(p, destination);
p->destination_has_tlv = true; p->destination_has_tlv = true;