mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 01:48:00 +00:00
Clean up downstream sockets when upstream loses its SSH connection.
If the real SSH connection goes away and we call sharestate_free with downstreams still active, then that in turn calls share_connstate_free on all those downstreams, freeing the things their sockets are using as Plugs but not actually closing the sockets, so further data coming in from downstream gives rise to a use-after-free bug. (Thanks to Timothe Litt for a great deal of help debugging this.)
This commit is contained in:
parent
8581676ee9
commit
0b2f283622
@ -502,6 +502,9 @@ static void share_connstate_free(struct ssh_sharing_connstate *cs)
|
|||||||
sfree(globreq);
|
sfree(globreq);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (cs->sock)
|
||||||
|
sk_close(cs->sock);
|
||||||
|
|
||||||
sfree(cs);
|
sfree(cs);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user