Set ssh->mainchan->type earlier.

A user reported a nonsensical assertion failure (claiming that ssh->version != 2) which suggested that a channel had somehow outlived its parent Ssh in the situation where the opening of the main session channel is rejected by the server. Checking with valgrind suggested that things start to go wrong at the point where we free the half-set- up ssh->mainchan before having filled in its type field, so that the switch in ssh_channel_close_local() picks an arbitrary wrong action. I haven't reproduced the same failure the user reported, but with this change, Unix plink is now valgrind-clean in that failure situation.
2025-01-25 01:02:24 +00:00 · 2017-07-17 20:57:07 +01:00 · 2017-07-17 20:57:07 +01:00 · f0126dd198
commit f0126dd198
parent 25683f0f3d
1 changed files with 1 additions and 1 deletions
--- a/ssh.c
+++ b/ssh.c
@ -10722,6 +10722,7 @@ static void do_ssh2_authconn(Ssh ssh, const unsigned char *in, int inlen,
    } else {
 	ssh->mainchan = snew(struct ssh_channel);
 	ssh->mainchan->ssh = ssh;
+	ssh->mainchan->type = CHAN_MAINSESSION;
 	ssh_channel_init(ssh->mainchan);

 	if (*conf_get_str(ssh->conf, CONF_ssh_nc_host)) {
@ -10761,7 +10762,6 @@ static void do_ssh2_authconn(Ssh ssh, const unsigned char *in, int inlen,

 	ssh->mainchan->remoteid = ssh_pkt_getuint32(pktin);
 	ssh->mainchan->halfopen = FALSE;
-	ssh->mainchan->type = CHAN_MAINSESSION;
 	ssh->mainchan->v.v2.remwindow = ssh_pkt_getuint32(pktin);
 	ssh->mainchan->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
 	update_specials_menu(ssh->frontend);