From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Thu, 11 Dec 2025 14:12:55 +0000 (+0100)
Subject: scheduler: Fix possible use_after_free in `cupsdReadClient()`
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c1d2c631267f28131dd31df5b895b8bfb3005b0d;p=thirdparty%2Fcups.git

scheduler: Fix possible use_after_free in `cupsdReadClient()`

If `cupsdSendHeader()` fails, we free the connection and return -1, but
in that case we try to free the connection again in `cupsdReadClient()`.
---

diff --git a/scheduler/client.c b/scheduler/client.c
index f6166091e8..63844d5318 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -2761,10 +2761,7 @@ check_start_tls(cupsd_client_t *con)	/* I - Client connection */
     httpSetField(con->http, HTTP_FIELD_CONTENT_LENGTH, "0");
 
     if (!cupsdSendHeader(con, HTTP_STATUS_OK, NULL, CUPSD_AUTH_NONE))
-    {
-      cupsdCloseClient(con);
       return (-1);
-    }
   }
 
   return (1);