mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-25 01:02:24 +00:00
Clean up downstream sockets when upstream loses its SSH connection.
If the real SSH connection goes away and we call sharestate_free with downstreams still active, then that in turn calls share_connstate_free on all those downstreams, freeing the things their sockets are using as Plugs but not actually closing the sockets, so further data coming in from downstream gives rise to a use-after-free bug. (Thanks to Timothe Litt for a great deal of help debugging this.)
This commit is contained in:
parent
8581676ee9
commit
0b2f283622
@ -502,6 +502,9 @@ static void share_connstate_free(struct ssh_sharing_connstate *cs)
|
||||
sfree(globreq);
|
||||
}
|
||||
|
||||
if (cs->sock)
|
||||
sk_close(cs->sock);
|
||||
|
||||
sfree(cs);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user