58 lines
2.3 KiB
Diff
58 lines
2.3 KiB
Diff
From a9b135760aea6d1790d447d351c56b78889dac22 Mon Sep 17 00:00:00 2001
|
|
From: Aki Tuomi <aki.tuomi@dovecot.fi>
|
|
Date: Fri, 26 Jan 2018 10:55:54 +0200
|
|
Subject: [PATCH] lib-auth: Remove request after abort
|
|
|
|
Otherwise the request will still stay in hash table
|
|
and get dereferenced when all requests are aborted
|
|
causing an attempt to access free'd memory.
|
|
|
|
Found by Apollon Oikonomopoulos <apoikos@debian.org>
|
|
|
|
Broken in 1a29ed2f96da1be22fa5a4d96c7583aa81b8b060
|
|
---
|
|
src/lib-auth/auth-client-request.c | 2 ++
|
|
src/lib-auth/auth-server-connection.c | 7 +++++++
|
|
src/lib-auth/auth-server-connection.h | 2 ++
|
|
3 files changed, 11 insertions(+)
|
|
|
|
diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c
|
|
index 046f7c307d..f6d0290a13 100644
|
|
--- a/src/lib-auth/auth-client-request.c
|
|
+++ b/src/lib-auth/auth-client-request.c
|
|
@@ -186,6 +186,8 @@ void auth_client_request_abort(struct auth_client_request **_request)
|
|
|
|
auth_client_send_cancel(request->conn->client, request->id);
|
|
call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
|
|
+ /* remove the request */
|
|
+ auth_server_connection_remove_request(request->conn, request->id);
|
|
pool_unref(&request->pool);
|
|
}
|
|
|
|
diff --git a/src/lib-auth/auth-server-connection.c b/src/lib-auth/auth-server-connection.c
|
|
index 9d65450fb3..7eea061cad 100644
|
|
--- a/src/lib-auth/auth-server-connection.c
|
|
+++ b/src/lib-auth/auth-server-connection.c
|
|
@@ -483,3 +483,10 @@ auth_server_connection_add_request(struct auth_server_connection *conn,
|
|
hash_table_insert(conn->requests, POINTER_CAST(id), request);
|
|
return id;
|
|
}
|
|
+
|
|
+void auth_server_connection_remove_request(struct auth_server_connection *conn,
|
|
+ unsigned int id)
|
|
+{
|
|
+ i_assert(conn->handshake_received);
|
|
+ hash_table_remove(conn->requests, POINTER_CAST(id));
|
|
+}
|
|
diff --git a/src/lib-auth/auth-server-connection.h b/src/lib-auth/auth-server-connection.h
|
|
index 179b5dbd4c..c2c533a41d 100644
|
|
--- a/src/lib-auth/auth-server-connection.h
|
|
+++ b/src/lib-auth/auth-server-connection.h
|
|
@@ -40,4 +40,6 @@ void auth_server_connection_disconnect(struct auth_server_connection *conn,
|
|
unsigned int
|
|
auth_server_connection_add_request(struct auth_server_connection *conn,
|
|
struct auth_client_request *request);
|
|
+void auth_server_connection_remove_request(struct auth_server_connection *conn,
|
|
+ unsigned int id);
|
|
#endif
|