nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00
Code Issues Projects Releases Wiki Activity

Add missing expire_timer_context in ssh2_transport_free.

Browse Source 
This should have been moved over from the main ssh_free function back
when I did the original splitting-up of ssh.c: the transport layer
schedules a timer for rekeying (and also for GSSAPI credential
checks), so when it's freed, it needs to ensure the timer doesn't get
called anyway on a stale pointer.

Two users reported this in the form of an assertion failure in
conf_get_int (when ssh2_transport_timer asks for CONF_ssh_rekey_time,
if the tree234 call inside conf_get_int is confused by the contents of
the freed memory into returning failure). In other circumstances (if
the freed memory has different contents) it manifests as a segfault,
but it's the same underlying bug either way.
This commit is contained in:
Simon Tatham 2018-11-23 19:21:01 +00:00
parent 6de69d001f
commit 85770b2036
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ssh2transport.c
View File

@ -215,6 +215,8 @@ static void ssh2_transport_free(PacketProtocolLayer *ppl)
strbuf_free(s->outgoing_kexinit);
strbuf_free(s->incoming_kexinit);
ssh_transient_hostkey_cache_free(s->thc);
expire_timer_context(s);
sfree(s);
}