From 65b3c93a8ec0e916cbf57b9bc824dde5b6b535ef Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Sat, 20 Apr 2019 09:38:54 +0100 Subject: [PATCH] Uppity: free the packet protocol layers on exit. This bug and the one in the previous commit combined to mean that when an SSH-1 connection through Uppity is terminated, the pty backend for its main session channel was never cleaned up. (Firstly because ssh1_connection_free never got called, and secondly because that in turn forgot to free its mainchan.) The effect of that in turn was that a _subsequent_ connection to the same Uppity (using the new listening-socket mode) would likely reuse the same fd for its pty, and the insertions into the ptyfds tree in uxpty.c would silently fail because an existing Pty was already occupying them, leading to a segfault when that Pty in turn responded to events on a pty it didn't really own and tried to call back to a seat that didn't exist any more. --- sshserver.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sshserver.c b/sshserver.c index 7ed2052c..46630868 100644 --- a/sshserver.c +++ b/sshserver.c @@ -311,6 +311,8 @@ static void ssh_server_free_callback(void *vsrv) sk_close(srv->socket); + if (srv->base_layer) + ssh_ppl_free(srv->base_layer); if (srv->bpp) ssh_bpp_free(srv->bpp);
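Review bot: The added `ssh_ppl_free(srv->base_layer)` call is placed ahead of `ssh_bpp_free(srv->bpp)` with no comment saying whether that order is required. If the protocol layers can still touch the BPP while they are being torn down, a one-line comment stating that the layers must be freed first would keep a later reorder of these two `if` blocks from turning into a use-after-free. Separately, the commit message says the insertions into the ptyfds tree in uxpty.c fail silently when a stale Pty already occupies the fd. This hunk removes the leak that led to that state, but the silent failure itself is left as it was. An assertion or a logged error at that insertion would make any future leak of the same kind show up at the fd collision instead of as a later segfault against a seat that no longer exists.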