stream-ssl: Avoid access-after-free error in update_ssl_config().

Commit b84f503d "stream-ssl: Read existing CA certificate more eagerly
during bootstrap" inadvertently introduced an access-after-free error:

  do_ca_cert_bootstrap() calls
    stream_ssl_set_ca_cert_file(ca_cert.file_name, true), which calls
      update_ssl_config(&ca_cert, file_name), which calls
        free(ca_cert.file_name) then xstrdup(ca_cert.file_name).

Fix the problem.

Reported-by: Cedric Hobbs <cedric@nicira.com>
Reported-by: Peter Balland <peter@nicira.com>

diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
index 153357cd78ea7a27eaa3d0f011455e9cc302cfa8..aeca21ecc0fdd555507ddd749fdf3f9d6ba86118 100644 (file)
--- a/lib/stream-ssl.c
+++ b/lib/stream-ssl.c
@@ -954,9 +954,12 @@ update_ssl_config(struct ssl_config_file *config, const char *file_name)
         return false;
     }
 
+    /* Update 'config'. */
     config->mtime = mtime;
-    free(config->file_name);
-    config->file_name = xstrdup(file_name);
+    if (file_name != config->file_name) {
+        free(config->file_name);
+        config->file_name = xstrdup(file_name);
+    }
     return true;
 }