On Mon, Jan 13, 2014 at 6:07 AM, David Woodhouse <dwmw2 at infradead.org> wrote:
> On Sun, 2014-01-12 at 21:43 -0800, Kevin Cernekee wrote:
>> library: Export VPN configuration info to callers
>
> In this patch, don't we have a potential use-after-free if a CSTP
> reconnect happens? We throw away the existing set of options and parse a
> new set...

The existing code (main.c, jni.c) parses the options before calling openconnect_mainloop() and then never touches them again, so it's safe. But if a caller keeps the pointers around and happens to use them after a reconnect, that would be a problem.

Maybe it would be better for the library to make copies of everything for the caller, so that use-after-free is not an issue. Then the caller would need to free the lists, possibly through an openconnect_free_ip_info() API. Should I send a patch?

Another option is to add a new callback in which the parameters are only guaranteed to be valid until the callback returns (which doesn't directly fix the problem, but could make it more obvious that the pointers shouldn't be stored).
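
The copy-for-the-caller approach discussed in this message, as an added C example that is not part of the original e-mail or the library's code. `struct opt`, `struct session`, `opt_list_dup()`, `opt_list_free()` and `session_reparse()` are hypothetical names chosen for illustration; the option strings used with them are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical types for illustration, not the library's real ones. */
struct opt { struct opt *next; char *name, *value; };
struct session { struct opt *opts; };   /* list owned by the library */

static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

/* Frees a whole list: the library's own, or a copy handed to a caller. */
void opt_list_free(struct opt *o)
{
    while (o) {
        struct opt *next = o->next;
        free(o->name); free(o->value); free(o);
        o = next;
    }
}

/* Deep copy: returns 0 and sets *out, or -1 on allocation failure. */
int opt_list_dup(const struct opt *src, struct opt **out)
{
    struct opt *head = NULL, **tail = &head;
    for (; src; src = src->next) {
        struct opt *o = calloc(1, sizeof(*o));
        if (o) { o->name = dup_str(src->name); o->value = dup_str(src->value); }
        if (!o || !o->name || !o->value) {
            opt_list_free(o);       /* partial node, NULL-safe */
            opt_list_free(head);    /* nodes copied so far */
            return -1;
        }
        *tail = o;
        tail = &o->next;
    }
    *out = head;
    return 0;
}

/* Stand-in for a reconnect: the old list is freed and replaced, so any
 * pointer a caller kept into s->opts is dangling after this returns. */
int session_reparse(struct session *s, const char *name, const char *value)
{
    struct opt one = { NULL, (char *)name, (char *)value }, *fresh;
    if (opt_list_dup(&one, &fresh) < 0) return -1;
    opt_list_free(s->opts);
    s->opts = fresh;
    return 0;
}
```

A caller that took its copy through `opt_list_dup()` owns that memory and releases it with `opt_list_free()`, independent of how often the session reparses.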