tweak sip ws code to avoid double free

diff --git a/libs/sofia-sip/.update b/libs/sofia-sip/.update
index 91bc2e3e8a5549304c8420846fdc0a0e122729bb..0440205a5353ed6b21bdca805d7423cd3ed6a091 100644 (file)
--- a/libs/sofia-sip/.update
+++ b/libs/sofia-sip/.update
@@ -1 +1 @@
-Tue Jun 25 09:28:40 CDT 2013
+Wed Jun 26 12:43:51 EDT 2013

diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c b/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c
index c6846be1e1ec788e74c4902abffeb1963a66bf47..d9ed0b6980d7d764018e4bd6b86eff071bddaa29 100644 (file)
--- a/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c
@@ -207,23 +207,14 @@ int tport_recv_stream_ws(tport_t *self)
   int err;
   msg_iovec_t iovec[msg_n_fragments] = {{ 0 }};
   tport_ws_t *wstp = (tport_ws_t *)self;
-  wsh_t *ws = wstp->ws;
-  tport_ws_primary_t *wspri = (tport_ws_primary_t *)self->tp_pri;
   uint8_t *data;
   ws_opcode_t oc;
 
   if (wstp->ws_initialized < 0) {
          return -1;
-  } else if (wstp->ws_initialized == 0) {
-         if (ws_init(ws, self->tp_socket, 65336, wstp->ws_secure ? wspri->ssl_ctx : NULL, 0) == -2) {
-                 return 2;
-         }
-         wstp->ws_initialized = 1;
-         self->tp_pre_framed = 1;
-         return 1;
   }
 
-  N = ws_read_frame(ws, &oc, &data);
+  N = ws_read_frame(&wstp->ws, &oc, &data);
 
   if (N == -2) {
          return 2;
@@ -276,7 +267,6 @@ ssize_t tport_send_stream_ws(tport_t const *self, msg_t *msg,
   size_t i, j, n, m, size = 0;
   ssize_t nerror;
   tport_ws_t *wstp = (tport_ws_t *)self;
-  wsh_t *ws = wstp->ws;
 
   enum { WSBUFSIZE = 2048 };
 
@@ -311,10 +301,10 @@ ssize_t tport_send_stream_ws(tport_t const *self, msg_t *msg,
       iov[j].siv_base = buf, iov[j].siv_len = m;
        }
 
-       nerror = ws_feed_buf(ws, buf, m);
+       nerror = ws_feed_buf(&wstp->ws, buf, m);
        
     SU_DEBUG_9(("tport_ws_writevec: vec %p %p %lu ("MOD_ZD")\n",
-               (void *)ws, (void *)iov[i].siv_base, (LU)iov[i].siv_len,
+               (void *)&wstp->ws, (void *)iov[i].siv_base, (LU)iov[i].siv_len,
                nerror));
 
     if (nerror == -1) {
@@ -333,7 +323,7 @@ ssize_t tport_send_stream_ws(tport_t const *self, msg_t *msg,
       break;
   }
 
-  ws_send_buf(ws, WSOC_TEXT);
+  ws_send_buf(&wstp->ws, WSOC_TEXT);
 
 
   return size;
@@ -453,6 +443,15 @@ int tport_ws_init_secondary(tport_t *self, int socket, int accepted,
 
   if ( wspri->ws_secure ) wstp->ws_secure = 1;
 
+
+  memset(&wstp->ws, 0, sizeof(wstp->ws));
+  if (ws_init(&wstp->ws, socket, 65336, wstp->ws_secure ? wspri->ssl_ctx : NULL, 0) < 0) {
+         return *return_reason = "WS_INIT", -1;
+  }
+
+  wstp->ws_initialized = 1;
+  self->tp_pre_framed = 1;
+
   return 0;
 }
 
@@ -461,10 +460,9 @@ static void tport_ws_deinit_secondary(tport_t *self)
        tport_ws_t *wstp = (tport_ws_t *)self;
 
        if (wstp->ws_initialized == 1) {
-               wsh_t *wsh = wstp->ws;
-               SU_DEBUG_1(("%p destroy ws%s transport %p.\n", (void *) self, wstp->ws_secure ? "s" : "", (void *) wsh));
-               ws_destroy(&wsh);
-               wstp->ws_initialized = 1;
+               SU_DEBUG_1(("%p destroy ws%s transport %p.\n", (void *) self, wstp->ws_secure ? "s" : "", (void *) &wstp->ws));
+               ws_destroy(&wstp->ws);
+               wstp->ws_initialized = -1;
        }
 }
 

diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/tport_ws.h b/libs/sofia-sip/libsofia-sip-ua/tport/tport_ws.h
index 034b6f8fde10727c35e174ca14df679faa879558..b4a5d42b5a0b1ad7a0c57abe98327d8b5df828bc 100644 (file)
--- a/libs/sofia-sip/libsofia-sip-ua/tport/tport_ws.h
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/tport_ws.h
@@ -55,7 +55,7 @@ typedef enum {
 
 typedef struct tport_ws_s {
   tport_t  wstp_tp[1];
-  wsh_t    ws[1];
+  wsh_t    ws;
   char    *wstp_buffer;
   SU_S8_T  ws_initialized;
   unsigned ws_secure:1;

diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/ws.c b/libs/sofia-sip/libsofia-sip-ua/tport/ws.c
index 938b3f6d049c678a1ce0ff5f4067578b4e6e53bd..46e41d133bc6c5596f88ffca7b7eafe829392417 100644 (file)
--- a/libs/sofia-sip/libsofia-sip-ua/tport/ws.c
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/ws.c
@@ -402,17 +402,13 @@ int ws_init(wsh_t *wsh, ws_socket_t sock, size_t buflen, SSL_CTX *ssl_ctx, int c
        return 0;
 }
 
-void ws_destroy(wsh_t **wshp)
+void ws_destroy(wsh_t *wsh)
 {
-       wsh_t *wsh;
 
-       if (!wshp || ! *wshp) {
+       if (!wsh) {
                return;
        }
 
-       wsh = *wshp;
-       *wshp = NULL;
-       
        if (!wsh->down) {
                ws_close(wsh, WS_NONE);
        }

diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/ws.h b/libs/sofia-sip/libsofia-sip-ua/tport/ws.h
index 2182960c14ad216fa6f21cdf86201d7eebf8a8f3..13e5c27b2ba1d08abe862d8d3525112d95c27201 100644 (file)
--- a/libs/sofia-sip/libsofia-sip-ua/tport/ws.h
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/ws.h
@@ -85,7 +85,7 @@ issize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data);
 issize_t ws_write_frame(wsh_t *wsh, ws_opcode_t oc, void *data, size_t bytes);
 int ws_init(wsh_t *wsh, ws_socket_t sock, size_t buflen, SSL_CTX *ssl_ctx, int close_sock);
 issize_t ws_close(wsh_t *wsh, int16_t reason);
-void ws_destroy(wsh_t **wshp);
+void ws_destroy(wsh_t *wsh);
 void init_ssl(void);
 void deinit_ssl(void);