From: Timo Sirainen <tss@iki.fi>
Date: Thu, 30 Sep 2010 16:12:55 +0000 (+0100)
Subject: auth: Avoid crashing when finishing failed requests that already timed out.
X-Git-Tag: 2.0.5~20
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ea95a057fa5f02d50027122cacd3147fce7679fa;p=thirdparty%2Fdovecot%2Fcore.git

auth: Avoid crashing when finishing failed requests that already timed out.
---

diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c
index a8206f9a95..c3d5cb0b7c 100644
--- a/src/auth/auth-request-handler.c
+++ b/src/auth/auth-request-handler.c
@@ -116,6 +116,12 @@ static void auth_request_handler_remove(struct auth_request_handler *handler,
 {
 	i_assert(request->handler == handler);
 
+	if (request->removed_from_handler) {
+		/* already removed it */
+		return;
+	}
+	request->removed_from_handler = TRUE;
+
 	/* if db lookup is stuck, this call doesn't actually free the auth
 	   request, so make sure we don't get back here. */
 	timeout_remove(&request->to_abort);
diff --git a/src/auth/auth-request.h b/src/auth/auth-request.h
index 3e7bc47285..eeadb799c1 100644
--- a/src/auth/auth-request.h
+++ b/src/auth/auth-request.h
@@ -109,6 +109,7 @@ struct auth_request {
 	unsigned int userdb_lookup:1;
 	unsigned int userdb_lookup_failed:1;
 	unsigned int secured:1;
+	unsigned int removed_from_handler:1;
 
 	/* ... mechanism specific data ... */
 };