From: Emmanuel D. <ma...@ne...> - 2014-03-14 08:57:16
On Thu, Mar 13, 2014 at 03:44:54PM +0000, Emmanuel Dreyfus wrote: > - cmd_authenticate_login() or cmd_login() call ICC_Invalidate() > - ICC_Invalidate() frees the TLS context > => XXX nobody moves the ICC to the free list > - ICC_Recycle() uses the ICC for IMAP_Write()/SSL_shutdown() and crashes. Here is a fix proposal: --- src/icc.c.orig +++ src/icc.c @@ -134,21 +134,27 @@ Expiration ) ) { syslog(LOG_INFO, "Expiring server sd [%d]", HashEntry->server_conn->sd); /* Logout of the IMAP server and close the server socket. */ - - IMAP_Write( HashEntry->server_conn, "VIC20 LOGOUT\r\n", - strlen( "VIC20 LOGOUT\r\n" ) ); + if (HashEntry->server_conn->sd != -1) { + IMAP_Write( HashEntry->server_conn, "VIC20 LOGOUT\r\n", + strlen( "VIC20 LOGOUT\r\n" ) ); #if HAVE_LIBSSL - if ( HashEntry->server_conn->tls ) - { - SSL_shutdown( HashEntry->server_conn->tls ); - SSL_free( HashEntry->server_conn->tls ); - } + if ( HashEntry->server_conn->tls ) + { + SSL *tls = HashEntry->server_conn->tls; + HashEntry->server_conn->tls = (SSL *)0xdeadbeef; + + SSL_shutdown( tls ), + SSL_free( tls ); + } #endif - close( HashEntry->server_conn->sd ); - free( HashEntry->server_conn ); + close( HashEntry->server_conn->sd ); + free( HashEntry->server_conn ); + } else { + syslog(LOG_INFO, "Expiring freed ICC"); + } /* * This was being counted as a "retained" connection. It was * open, but not in use. Now that we're closing it, we have -- Emmanuel Dreyfus ma...@ne... |
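Review bot: The added `HashEntry->server_conn->tls = (SSL *)0xdeadbeef;` leaves a non-NULL poison value in the field, so any path that tests `if ( conn->tls )` would still treat it as a live context and pass it to an SSL_* call; outside a debugging build it should be `HashEntry->server_conn->tls = NULL;`. The following added line ends in a comma, `SSL_shutdown( tls ),`, which compiles as a comma expression with `SSL_free( tls );` but reads as a typo for `;`. The new `sd != -1` guard assumes the invalidation path resets `sd` and disposes of `server_conn`, neither of which is visible here; if it does not, the `else` branch leaves the struct allocated, so a short comment stating that contract next to the guard would help. The enclosing function starts and ends outside the hunk.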