[ipfire-3.x.git] / pptp / patches / pptp-1.7.2-conn-free.patch

Tue Jun 15 15:00:40 2010  James Cameron  <quozl@laptop.org>

	* pptp_ctrl.c (pptp_conn_is_dead): immediately destroying the
	connection and freeing the structure has led to segmentation
	faults on more recent heap implementations, since we use the
	structure after it has been freed.

	Defer the free of the structure until after all uses of it have
	ceased, by adding a connection state for dead and terminating the
	main loop once it is detected.

--- a/pptp_callmgr.c	2008-05-14 07:33:55.000000000 +0100
+++ b/pptp_callmgr.c	2010-06-15 14:32:00.478100392 +0100
@@ -167,6 +170,7 @@
     do {
         int rc;
         fd_set read_set = call_set, write_set;
+        if (pptp_conn_is_dead(conn)) break;
         FD_ZERO (&write_set);
         if (pptp_conn_established(conn)) {
 	  FD_SET (unix_sock, &read_set);
@@ -294,6 +298,7 @@
 	}
         /* with extreme prejudice */
         pptp_conn_destroy(conn);
+        pptp_conn_free(conn);
         vector_destroy(call_list);
     }
 cleanup:
--- a/pptp_ctrl.c	2008-05-14 07:33:55.000000000 +0100
+++ b/pptp_ctrl.c	2010-06-15 14:32:00.480100647 +0100
@@ -58,8 +62,11 @@
 struct PPTP_CONN {
     int inet_sock;
     /* Connection States */
-    enum { 
-        CONN_IDLE, CONN_WAIT_CTL_REPLY, CONN_WAIT_STOP_REPLY, CONN_ESTABLISHED 
+    enum {
+      CONN_IDLE,
+      CONN_WAIT_CTL_REPLY, CONN_WAIT_STOP_REPLY,
+      CONN_ESTABLISHED,
+      CONN_DEAD
     } conn_state; /* on startup: CONN_IDLE */
     /* Keep-alive states */
     enum { 
@@ -448,6 +457,16 @@
     close(conn->inet_sock);
     /* deallocate */
     vector_destroy(conn->call);
+    conn->conn_state = CONN_DEAD;
+}
+
+int pptp_conn_is_dead(PPTP_CONN * conn)
+{
+    return conn->conn_state == CONN_DEAD;
+}
+
+void pptp_conn_free(PPTP_CONN * conn)
+{
     free(conn);
 }
 
@@ -1038,11 +1059,13 @@
     int i;
     /* "Keep Alives and Timers, 1": check connection state */
     if (global.conn->conn_state != CONN_ESTABLISHED) {
-        if (global.conn->conn_state == CONN_WAIT_STOP_REPLY) 
+        if (global.conn->conn_state == CONN_WAIT_STOP_REPLY) {
             /* hard close. */
             pptp_conn_destroy(global.conn);
-        else /* soft close */
-            pptp_conn_close(global.conn, PPTP_STOP_NONE);
+            return;
+        }
+        /* soft close */
+        pptp_conn_close(global.conn, PPTP_STOP_NONE);
     }
     /* "Keep Alives and Timers, 2": check echo status */
     if (global.conn->ka_state == KA_OUTSTANDING) {
--- a/pptp_ctrl.h	2008-05-14 07:33:55.000000000 +0100
+++ b/pptp_ctrl.h	2010-06-15 14:32:00.864975405 +0100
@@ -33,6 +33,8 @@
 void pptp_call_close(PPTP_CONN * conn, PPTP_CALL * call);
 /* hard close. */
 void pptp_call_destroy(PPTP_CONN *conn, PPTP_CALL *call);
+int pptp_conn_is_dead(PPTP_CONN * conn);
+void pptp_conn_free(PPTP_CONN * conn);
 /* soft close.  Will callback on completion. */
 void pptp_conn_close(PPTP_CONN * conn, u_int8_t close_reason);
 /* hard close */
Commit	Line	Data
7d288e76 MT	1	Tue Jun 15 15:00:40 2010 James Cameron <quozl@laptop.org>
	2
	3	* pptp_ctrl.c (pptp_conn_is_dead): immediately destroying the
	4	connection and freeing the structure has led to segmentation
	5	faults on more recent heap implementations, since we use the
	6	structure after it has been freed.
	7
	8	Defer the free of the structure until after all uses of it have
	9	ceased, by adding a connection state for dead and terminating the
	10	main loop once it is detected.
	11
	12	--- a/pptp_callmgr.c 2008-05-14 07:33:55.000000000 +0100
	13	+++ b/pptp_callmgr.c 2010-06-15 14:32:00.478100392 +0100
	14	@@ -167,6 +170,7 @@
	15	do {
	16	int rc;
	17	fd_set read_set = call_set, write_set;
	18	+ if (pptp_conn_is_dead(conn)) break;
	19	FD_ZERO (&write_set);
	20	if (pptp_conn_established(conn)) {
	21	FD_SET (unix_sock, &read_set);
	22	@@ -294,6 +298,7 @@
	23	}
	24	/* with extreme prejudice */
	25	pptp_conn_destroy(conn);
	26	+ pptp_conn_free(conn);
	27	vector_destroy(call_list);
	28	}
	29	cleanup:
	30	--- a/pptp_ctrl.c 2008-05-14 07:33:55.000000000 +0100
	31	+++ b/pptp_ctrl.c 2010-06-15 14:32:00.480100647 +0100
	32	@@ -58,8 +62,11 @@
	33	struct PPTP_CONN {
	34	int inet_sock;
	35	/* Connection States */
	36	- enum {
	37	- CONN_IDLE, CONN_WAIT_CTL_REPLY, CONN_WAIT_STOP_REPLY, CONN_ESTABLISHED
	38	+ enum {
	39	+ CONN_IDLE,
	40	+ CONN_WAIT_CTL_REPLY, CONN_WAIT_STOP_REPLY,
	41	+ CONN_ESTABLISHED,
	42	+ CONN_DEAD
	43	} conn_state; /* on startup: CONN_IDLE */
	44	/* Keep-alive states */
	45	enum {
	46	@@ -448,6 +457,16 @@
	47	close(conn->inet_sock);
	48	/* deallocate */
	49	vector_destroy(conn->call);
	50	+ conn->conn_state = CONN_DEAD;
	51	+}
	52	+
	53	+int pptp_conn_is_dead(PPTP_CONN * conn)
	54	+{
	55	+ return conn->conn_state == CONN_DEAD;
	56	+}
	57	+
	58	+void pptp_conn_free(PPTP_CONN * conn)
	59	+{
	60	free(conn);
	61	}
	62
	63	@@ -1038,11 +1059,13 @@
	64	int i;
65	/* "Keep Alives and Timers, 1": check connection state */
66	if (global.conn->conn_state != CONN_ESTABLISHED) {
67	- if (global.conn->conn_state == CONN_WAIT_STOP_REPLY)
68	+ if (global.conn->conn_state == CONN_WAIT_STOP_REPLY) {
69	/* hard close. */
70	pptp_conn_destroy(global.conn);
71	- else /* soft close */
72	- pptp_conn_close(global.conn, PPTP_STOP_NONE);
73	+ return;
74	+ }
75	+ /* soft close */
76	+ pptp_conn_close(global.conn, PPTP_STOP_NONE);
77	}
78	/* "Keep Alives and Timers, 2": check echo status */
79	if (global.conn->ka_state == KA_OUTSTANDING) {
80	--- a/pptp_ctrl.h 2008-05-14 07:33:55.000000000 +0100
81	+++ b/pptp_ctrl.h 2010-06-15 14:32:00.864975405 +0100
82	@@ -33,6 +33,8 @@
83	void pptp_call_close(PPTP_CONN * conn, PPTP_CALL * call);
84	/* hard close. */
85	void pptp_call_destroy(PPTP_CONN conn, PPTP_CALL call);
86	+int pptp_conn_is_dead(PPTP_CONN * conn);
87	+void pptp_conn_free(PPTP_CONN * conn);
88	/* soft close. Will callback on completion. */
89	void pptp_conn_close(PPTP_CONN * conn, u_int8_t close_reason);
90	/* hard close */