1 Fri Jun 4 10:54:04 2010 Jan Just Keijser <jan.just.keijser@gmail.com>
3 * pptp_ctrl.c: check for failure return by pptp_send_ctrl_packet
4 and avoid using freed struct conn.
6 --- a/pptp_ctrl.c 2010-06-15 15:05:46.743913798 +0100
7 +++ b/pptp_ctrl.c 2010-06-15 14:32:00.480100647 +0100
9 /* don't check state against WAIT_DISCONNECT... allow multiple disconnect
10 * requests to be made.
12 - pptp_send_ctrl_packet(conn, &rqst, sizeof(rqst));
14 - call->state.pns = PNS_WAIT_DISCONNECT;
15 + if (pptp_send_ctrl_packet(conn, &rqst, sizeof(rqst))) {
17 + call->state.pns = PNS_WAIT_DISCONNECT;
19 /* call structure will be freed when we have confirmation of disconnect. */
23 pptp_call_close(conn, vector_get_Nth(conn->call, i));
24 /* now close connection */
25 log("Closing PPTP connection");
26 - pptp_send_ctrl_packet(conn, &rqst, sizeof(rqst));
27 - pptp_reset_timer(); /* wait 60 seconds for reply */
28 - conn->conn_state = CONN_WAIT_STOP_REPLY;
29 + if (pptp_send_ctrl_packet(conn, &rqst, sizeof(rqst))) {
30 + pptp_reset_timer(); /* wait 60 seconds for reply */
31 + conn->conn_state = CONN_WAIT_STOP_REPLY;
37 reply.version = packet->version;
38 /* protocol version not supported */
39 reply.result_code = hton8(5);
40 - pptp_send_ctrl_packet(conn, &reply, sizeof(reply));
41 - pptp_reset_timer(); /* give sender a chance for a retry */
42 + if (pptp_send_ctrl_packet(conn, &reply, sizeof(reply)))
43 + pptp_reset_timer(); /* give sender a chance for a retry */
44 } else { /* same or greater version */
45 if (pptp_send_ctrl_packet(conn, &reply, sizeof(reply))) {
46 conn->conn_state = CONN_ESTABLISHED;
48 hton8(1), hton8(PPTP_GENERAL_ERROR_NONE), 0
50 logecho( PPTP_ECHO_RQST);
51 - pptp_send_ctrl_packet(conn, &reply, sizeof(reply));
53 + if (pptp_send_ctrl_packet(conn, &reply, sizeof(reply)))
57 /* ----------- OUTGOING CALL MESSAGES ------------ */
59 vector_search(conn->call, ntoh16(packet->call_id), &call);
60 if (call->callback != NULL)
61 call->callback(conn, call, CALL_CLOSE_RQST);
62 - pptp_send_ctrl_packet(conn, &reply, sizeof(reply));
63 - pptp_call_destroy(conn, call);
64 - log("Call closed (RQST) (call id %d)", (int) call->call_id);
65 + if (pptp_send_ctrl_packet(conn, &reply, sizeof(reply))) {
66 + pptp_call_destroy(conn, call);
67 + log("Call closed (RQST) (call id %d)", (int) call->call_id);
73 } else { /* ka_state == NONE */ /* send keep-alive */
74 struct pptp_echo_rqst rqst = {
75 PPTP_HEADER_CTRL(PPTP_ECHO_RQST), hton32(global.conn->ka_id) };
76 - pptp_send_ctrl_packet(global.conn, &rqst, sizeof(rqst));
77 - global.conn->ka_state = KA_OUTSTANDING;
78 + if (pptp_send_ctrl_packet(global.conn, &rqst, sizeof(rqst))) {
79 + global.conn->ka_state = KA_OUTSTANDING;
82 /* check incoming/outgoing call states for !IDLE && !ESTABLISHED */
83 for (i = 0; i < vector_size(global.conn->call); i++) {
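Review bot: In the call-close request branch, the new `log("Call closed (RQST) (call id %d)", (int) call->call_id);` still reads `call->call_id` after `pptp_call_destroy(conn, call);` has run. The body of pptp_call_destroy is not shown here, but if it releases the call structure, as its name suggests, this is a read of freed memory, the same class of bug this commit sets out to remove for struct conn. Emitting the log line first avoids it: `log("Call closed (RQST) (call id %d)", (int) call->call_id);` followed by `pptp_call_destroy(conn, call);`. It is also worth a comment there saying whether the call is meant to stay allocated when the send fails, since that path now skips the destroy. The enclosing function starts and ends outside the visible lines, and the closing braces of the new `if` blocks are missing from this page.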