1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 09:12:24 +00:00

Clean up downstream sockets when upstream loses its SSH connection.

If the real SSH connection goes away and we call sharestate_free with
downstreams still active, then that in turn calls share_connstate_free
on all those downstreams, freeing the things their sockets are using
as Plugs but not actually closing the sockets, so further data coming
in from downstream gives rise to a use-after-free bug.

(Thanks to Timothe Litt for a great deal of help debugging this.)

(cherry picked from commit 0b2f283622)
This commit is contained in:
Simon Tatham 2015-06-07 21:09:41 +01:00
parent e6679d4602
commit ae93b52a9c

View File

@ -502,6 +502,9 @@ static void share_connstate_free(struct ssh_sharing_connstate *cs)
sfree(globreq); sfree(globreq);
} }
if (cs->sock)
sk_close(cs->sock);
sfree(cs); sfree(cs);
} }