nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00
Code Issues Projects Releases Wiki Activity

fd-socket: fix use after free on socket close.

Browse Source 
The call to plug_closing very likely destroys the FdSocket entirely,
so we shouldn't wait until after that to clean up its input fd via
lots of dereferences.
This commit is contained in:
Simon Tatham 2021-09-13 14:18:12 +01:00
parent 64f192093a
commit 6defb2b3a0
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
unix/fd-socket.c
View File

@ -260,15 +260,16 @@ static void fdsocket_select_result_input(int fd, int event)
if (retd > 0) { if (retd > 0) {
plug_receive(fds->plug, 0, buf, retd); plug_receive(fds->plug, 0, buf, retd);
} else { } else {
del234(fdsocket_by_infd, fds);
uxsel_del(fds->infd);
close(fds->infd);
fds->infd = -1;
if (retd < 0) { if (retd < 0) {
plug_closing(fds->plug, strerror(errno), errno, 0); plug_closing(fds->plug, strerror(errno), errno, 0);
} else { } else {
plug_closing(fds->plug, NULL, 0, 0); plug_closing(fds->plug, NULL, 0, 0);
} }
del234(fdsocket_by_infd, fds);
uxsel_del(fds->infd);
close(fds->infd);
fds->infd = -1;
} }
} }