From 8431215f6ea167d3741ced597b8548b45f4b265e Mon Sep 17 00:00:00 2001
From: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Tue, 6 Mar 2018 13:42:53 -0500
Subject: [PATCH] ospfd: cancel SR thread at shutdown

Otherwise if it is scheduled the thread pointer will be accessed after
the shutdown task finishes accessing, having deleted the structure that
owns said pointer, which causes a heap UAF.

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
---
 ospfd/ospfd.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ospfd/ospfd.c b/ospfd/ospfd.c
index 86a3293d71..eda0fd4773 100644
--- a/ospfd/ospfd.c
+++ b/ospfd/ospfd.c
@@ -704,6 +704,7 @@ static void ospf_finish_final(struct ospf *ospf)
 	OSPF_TIMER_OFF(ospf->t_read);
 	OSPF_TIMER_OFF(ospf->t_write);
 	OSPF_TIMER_OFF(ospf->t_opaque_lsa_self);
+	OSPF_TIMER_OFF(ospf->t_sr_update);
 
 	close(ospf->fd);
 	stream_free(ospf->ibuf);
-- 
2.39.5