]> git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
projects / thirdparty / dovecot / core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4e28c31)
lib-auth: Remove request after abort
authorAki Tuomi <aki.tuomi@dovecot.fi>
Fri, 26 Jan 2018 08:55:54 +0000 (10:55 +0200)
committerVille Savolainen <ville.savolainen@dovecot.fi>
Tue, 30 Jan 2018 08:06:02 +0000 (10:06 +0200)
Otherwise the request will still stay in hash table
and get dereferenced when all requests are aborted
causing an attempt to access free'd memory.

Found by Apollon Oikonomopoulos <apoikos@debian.org>

Broken in 1a29ed2f96da1be22fa5a4d96c7583aa81b8b060

src/lib-auth/auth-client-request.c patch | blob | blame | history
src/lib-auth/auth-server-connection.c patch | blob | blame | history
src/lib-auth/auth-server-connection.h patch | blob | blame | history

diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c
index fb2e5ddbb59db97a4cc424be24fd113b815a82ce..68d301513fb7b875b8a0c396948bb446ca781ee0 100644 (file)
--- a/src/lib-auth/auth-client-request.c
+++ b/src/lib-auth/auth-client-request.c
@@ -180,6 +180,8 @@ void auth_client_request_abort(struct auth_client_request **_request)
 
        auth_client_send_cancel(request->conn->client, request->id);
        call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
+       /* remove the request */
+       auth_server_connection_remove_request(request->conn, request->id);
        pool_unref(&request->pool);
 }
 
diff --git a/src/lib-auth/auth-server-connection.c b/src/lib-auth/auth-server-connection.c
index acd3aed82df61c9b7f71ab53db39699a1558a9ea..cc9211f254453c1b8685dec9fcf400bcedec2242 100644 (file)
--- a/src/lib-auth/auth-server-connection.c
+++ b/src/lib-auth/auth-server-connection.c
@@ -481,3 +481,10 @@ auth_server_connection_add_request(struct auth_server_connection *conn,
        hash_table_insert(conn->requests, POINTER_CAST(id), request);
        return id;
 }
+
+void auth_server_connection_remove_request(struct auth_server_connection *conn,
+                                          unsigned int id)
+{
+       i_assert(conn->handshake_received);
+       hash_table_remove(conn->requests, POINTER_CAST(id));
+}
diff --git a/src/lib-auth/auth-server-connection.h b/src/lib-auth/auth-server-connection.h
index 51fc7f24b72ade467d691d1b94ddcd85cba94ce2..615ea7e9ae884d4067716eb04a525901a168e2ad 100644 (file)
--- a/src/lib-auth/auth-server-connection.h
+++ b/src/lib-auth/auth-server-connection.h
@@ -38,4 +38,6 @@ void auth_server_connection_disconnect(struct auth_server_connection *conn,
 unsigned int
 auth_server_connection_add_request(struct auth_server_connection *conn,
                                   struct auth_client_request *request);
+void auth_server_connection_remove_request(struct auth_server_connection *conn,
+                                          unsigned int id);
 #endif
Mirror of https://github.com/dovecot/core.git