mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 01:02:24 +00:00

Clean up downstream sockets when upstream loses its SSH connection.

If the real SSH connection goes away and we call sharestate_free with
downstreams still active, then that in turn calls share_connstate_free
on all those downstreams, freeing the things their sockets are using
as Plugs but not actually closing the sockets, so further data coming
in from downstream gives rise to a use-after-free bug.

(Thanks to Timothe Litt for a great deal of help debugging this.)
Simon Tatham 2015-06-07 21:09:41 +01:00
parent 8581676ee9
commit 0b2f283622

@ -502,6 +502,9 @@ static void share_connstate_free(struct ssh_sharing_connstate *cs)
sfree(globreq);
}
if (cs->sock)
sk_close(cs->sock);
sfree(cs);
}
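
Review bot: the new `if (cs->sock) sk_close(cs->sock);` ahead of `sfree(cs)` in share_connstate_free only avoids a double close if every other path that closes a downstream socket also sets cs->sock to NULL before this function runs. Please confirm that invariant holds for the existing callers. It would also help to put a one-line comment above the check saying that the socket still uses cs as its Plug and so must be closed before cs is freed; that is the reasoning in the commit message, and without it in the code a later refactor could reorder or drop the call and reintroduce the use-after-free.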