authorDaiki Ueno <dueno@redhat.com>2017-12-01 11:13:29 +0100
committerDaiki Ueno <dueno@redhat.com>2017-12-01 11:16:22 +0100
commit08aa373874d8a20f39e034754e040f3c0f95f5fc (patch)
tree15d21d1abd8ee75164d38b43b131070446d00d1e
parentc718c723e817ff7c03eeacff361c8f77f0726ec9 (diff)
gnutls-serv: fix double-free on inactivity timeouttmp-dueno-serv-double-free
Previously, gnutls-serv --echo segfaulted when closing a client connection after an inactivity timeout. Here is the valgrind output:
==20246== Invalid free() / delete / delete[] / realloc()
==20246== at 0x4C2FD18: free (vg_replace_malloc.c:530)
==20246== by 0x405310: listener_free (serv.c:154)
==20246== by 0x408B57: tcp_server (serv.c:1568)
==20246== by 0x407DA6: main (serv.c:1231)
==20246== Address 0x6ed4fe0 is 0 bytes inside a block of size 3 free'd
==20246== at 0x4C2FD18: free (vg_replace_malloc.c:530)
==20246== by 0x408A1D: tcp_server (serv.c:1548)
==20246== by 0x407DA6: main (serv.c:1231)
==20246== Block was alloc'd at
==20246== at 0x4C2EB6B: malloc (vg_replace_malloc.c:299)
==20246== by 0x6A64489: strdup (in /usr/lib64/libc-2.25.so)
==20246== by 0x407310: get_response (serv.c:948)
==20246== by 0x408840: tcp_server (serv.c:1492)
==20246== by 0x407DA6: main (serv.c:1231)
==20246==
Signed-off-by: Daiki Ueno <dueno@redhat.com>
-rw-r--r--src/serv.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/serv.c b/src/serv.c
index 0387a5a90a..6da39da7de 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -1547,6 +1547,7 @@ static void tcp_server(const char *name, int port)
j->http_state = HTTP_STATE_REQUEST;
free(j->
http_response);
+ j->http_response = NULL;
j->response_length = 0;
j->request_length = 0;
j->http_request[0] = 0;
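Review bot: The added `j->http_response = NULL;` has no comment saying why the pointer is cleared, and the reason is not visible at this spot: per the valgrind trace in the commit message, listener_free() frees the same field again when the connection is torn down. I would add `/* listener_free() frees http_response again on close; clear it so that free is a no-op */` above the assignment. Any other place that frees j->http_response while the listener entry stays alive would presumably need the same reset, which cannot be checked from here because tcp_server's body starts and ends outside this hunk.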