diff options
author | Oliver Stöneberg <oliverst@online.de> | 2011-05-04 09:20:15 -0700 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2011-05-17 20:57:38 +0200 |
commit | e5fb20c17b3412cc2fcad60c8fba81fa7d9a2bc8 (patch) | |
tree | 88bdcad8ae74d6055db328eda2a51b25bb148dd0 | |
parent | c472bd743787e145aee342f3123ca260471ee7bc (diff) | |
download | libssh-e5fb20c17b3412cc2fcad60c8fba81fa7d9a2bc8.tar.gz libssh-e5fb20c17b3412cc2fcad60c8fba81fa7d9a2bc8.tar.xz libssh-e5fb20c17b3412cc2fcad60c8fba81fa7d9a2bc8.zip |
socket: Fixed use-after-free.
When s->callbacks->exception() was called in ssh_socket_pollcallback()
we had a use after free bug.
(cherry picked from commit 986676378943353cdcf156493812737dc91befdd)
-rw-r--r-- | src/socket.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/socket.c b/src/socket.c index f3da4280..5d92b6c9 100644 --- a/src/socket.c +++ b/src/socket.c @@ -253,6 +253,9 @@ int ssh_socket_pollcallback(struct ssh_poll_handle_struct *p, socket_t fd, int r s->callbacks->exception( SSH_SOCKET_EXCEPTION_ERROR, s->last_errno,s->callbacks->userdata); + /* p may have been freed, so don't use it + * anymore in this function */ + p = NULL; } } if(r==0){ @@ -266,6 +269,9 @@ int ssh_socket_pollcallback(struct ssh_poll_handle_struct *p, socket_t fd, int r s->callbacks->exception( SSH_SOCKET_EXCEPTION_EOF, 0,s->callbacks->userdata); + /* p may have been freed, so don't use it + * anymore in this function */ + p = NULL; } } if(r>0){ |