mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 09:58:01 +00:00
Clean up downstream sockets when upstream loses its SSH connection.
If the real SSH connection goes away and we call sharestate_free with
downstreams still active, then that in turn calls share_connstate_free
on all those downstreams, freeing the things their sockets are using
as Plugs but not actually closing the sockets, so further data coming
in from downstream gives rise to a use-after-free bug.
(Thanks to Timothe Litt for a great deal of help debugging this.)
(cherry picked from commit 0b2f283622
)
This commit is contained in:
parent
e6679d4602
commit
ae93b52a9c
@ -502,6 +502,9 @@ static void share_connstate_free(struct ssh_sharing_connstate *cs)
|
|||||||
sfree(globreq);
|
sfree(globreq);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (cs->sock)
|
||||||
|
sk_close(cs->sock);
|
||||||
|
|
||||||
sfree(cs);
|
sfree(cs);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user