From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Tue, 10 Aug 2021 11:38:39 +0000 (+0200)
Subject: login-proxy: Fix potential memory leak if backend login fails
X-Git-Tag: 2.3.18~251
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1489e6378ce539b174aae1b33a9af0fafbbe1b22;p=thirdparty%2Fdovecot%2Fcore.git

login-proxy: Fix potential memory leak if backend login fails

It also needs an abnormal way of destroying the client for the leak to
happen. For example if the login process is being killed.
---

diff --git a/src/login-common/client-common.c b/src/login-common/client-common.c
index 1314efa69b..08a260229d 100644
--- a/src/login-common/client-common.c
+++ b/src/login-common/client-common.c
@@ -282,12 +282,21 @@ void client_disconnect(struct client *client, const char *reason,
 	if (client->output != NULL)
 		o_stream_uncork(client->output);
 	if (!client->login_success) {
+		bool unref = FALSE;
+
 		io_remove(&client->io);
 		ssl_iostream_destroy(&client->ssl_iostream);
-		iostream_proxy_unref(&client->iostream_fd_proxy);
+		if (client->iostream_fd_proxy != NULL) {
+			iostream_proxy_unref(&client->iostream_fd_proxy);
+			unref = TRUE;
+		}
 		i_stream_close(client->input);
 		o_stream_close(client->output);
 		i_close_fd(&client->fd);
+		if (unref) {
+			i_assert(client->refcount > 1);
+			client_unref(&client);
+		}
 	} else {
 		/* Login was successful. We may now be proxying the connection,
 		   so don't disconnect the client until client_unref(). */