1 Tue Jun 15 15:00:40 2010 James Cameron <quozl@laptop.org>
3 * pptp_ctrl.c (pptp_conn_is_dead): immediately destroying the
4 connection and freeing the structure has led to segmentation
5 faults on more recent heap implementations, since we use the
6 structure after it has been freed.
8 Defer the free of the structure until after all uses of it have
9 ceased, by adding a connection state for dead and terminating the
10 main loop once it is detected.
12 --- a/pptp_callmgr.c 2008-05-14 07:33:55.000000000 +0100
13 +++ b/pptp_callmgr.c 2010-06-15 14:32:00.478100392 +0100
17 fd_set read_set = call_set, write_set;
18 + if (pptp_conn_is_dead(conn)) break;
20 if (pptp_conn_established(conn)) {
21 FD_SET (unix_sock, &read_set);
24 /* with extreme prejudice */
25 pptp_conn_destroy(conn);
26 + pptp_conn_free(conn);
27 vector_destroy(call_list);
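Review bot: After the added `if (pptp_conn_is_dead(conn)) break;` the loop can exit with a connection that has already been torn down, yet the post-loop `pptp_conn_destroy(conn);` still runs unconditionally before the new `pptp_conn_free(conn);`. The pptp_ctrl.c hunk that sets `conn->conn_state = CONN_DEAD;` right after `close(conn->inet_sock);` and `vector_destroy(conn->call);` appears to be pptp_conn_destroy(), so a second call would close an already-closed (possibly reused) descriptor and destroy the call vector twice. Guard the teardown on the state, e.g. `if (!pptp_conn_is_dead(conn)) pptp_conn_destroy(conn);` followed by `pptp_conn_free(conn);`. The enclosing loop begins and ends outside the hunk, and this rendering drops some intervening lines, so confirm the exit paths against the full source.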
30 --- a/pptp_ctrl.c 2008-05-14 07:33:55.000000000 +0100
31 +++ b/pptp_ctrl.c 2010-06-15 14:32:00.480100647 +0100
35 /* Connection States */
37 - CONN_IDLE, CONN_WAIT_CTL_REPLY, CONN_WAIT_STOP_REPLY, CONN_ESTABLISHED
40 + CONN_WAIT_CTL_REPLY, CONN_WAIT_STOP_REPLY,
43 } conn_state; /* on startup: CONN_IDLE */
44 /* Keep-alive states */
47 close(conn->inet_sock);
49 vector_destroy(conn->call);
50 + conn->conn_state = CONN_DEAD;
53 +int pptp_conn_is_dead(PPTP_CONN * conn)
55 + return conn->conn_state == CONN_DEAD;
58 +void pptp_conn_free(PPTP_CONN * conn)
63 @@ -1038,11 +1059,13 @@
65 /* "Keep Alives and Timers, 1": check connection state */
66 if (global.conn->conn_state != CONN_ESTABLISHED) {
67 - if (global.conn->conn_state == CONN_WAIT_STOP_REPLY)
68 + if (global.conn->conn_state == CONN_WAIT_STOP_REPLY) {
70 pptp_conn_destroy(global.conn);
71 - else /* soft close */
72 - pptp_conn_close(global.conn, PPTP_STOP_NONE);
76 + pptp_conn_close(global.conn, PPTP_STOP_NONE);
78 /* "Keep Alives and Timers, 2": check echo status */
79 if (global.conn->ka_state == KA_OUTSTANDING) {
80 --- a/pptp_ctrl.h 2008-05-14 07:33:55.000000000 +0100
81 +++ b/pptp_ctrl.h 2010-06-15 14:32:00.864975405 +0100
83 void pptp_call_close(PPTP_CONN * conn, PPTP_CALL * call);
85 void pptp_call_destroy(PPTP_CONN *conn, PPTP_CALL *call);
86 +int pptp_conn_is_dead(PPTP_CONN * conn);
87 +void pptp_conn_free(PPTP_CONN * conn);
88 /* soft close. Will callback on completion. */
89 void pptp_conn_close(PPTP_CONN * conn, u_int8_t close_reason);
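Review bot: The two added prototypes carry no comment, while the neighbouring declarations document their contract (`/* soft close. Will callback on completion. */`). Because pptp_conn_destroy() now only marks the connection CONN_DEAD and the free is deferred, callers need the required ordering spelled out in the header. Above `int pptp_conn_is_dead(PPTP_CONN * conn);` add `/* true once pptp_conn_destroy() has run; conn may then only be passed to pptp_conn_free() */`, and above `void pptp_conn_free(PPTP_CONN * conn);` add `/* release the structure; call after pptp_conn_destroy(); conn is invalid afterwards */`. The body of pptp_conn_free() is not visible here, so adjust the wording if it does more than free the structure.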