changeset 2718:f5b135533197 HEAD

Fix some potential crashes
author Timo Sirainen <tss@iki.fi>
date Sun, 10 Oct 2004 17:21:07 +0300
parents 9d83aecdcfd7
children f8adc5cb2508
files src/auth/auth-client-connection.c src/auth/mech.c
diffstat 2 files changed, 29 insertions(+), 14 deletions(-) [+]
--- a/src/auth/auth-client-connection.c	Sun Oct 10 16:55:09 2004 +0300
+++ b/src/auth/auth-client-connection.c	Sun Oct 10 17:21:07 2004 +0300
@@ -63,7 +63,7 @@
 	return NULL;
 }
 
-static void auth_client_input_handshake(struct auth_client_connection *conn)
+static int auth_client_input_handshake(struct auth_client_connection *conn)
 {
         struct auth_client_handshake_request rec;
         unsigned char *data;
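Review bot: The new `int` return of auth_client_input_handshake() is undocumented, and across the later hunks FALSE covers two different states: not enough input yet (`size < sizeof(rec)`) and `conn` already destroyed (PID 0 or a duplicate PID). A future caller that touches `conn` after FALSE would be using a destroyed connection, so the contract is worth stating above the signature: `/* Returns TRUE once the handshake is read and conn->pid is set. On FALSE either more input is needed or conn has been destroyed; do not use conn afterwards. */`. The function body continues outside this hunk.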
@@ -71,7 +71,7 @@
 
 	data = i_stream_get_modifyable_data(conn->input, &size);
 	if (size < sizeof(rec))
-		return;
+		return FALSE;
 
 	/* Don't just cast because of alignment issues. */
 	memcpy(&rec, data, sizeof(rec));
@@ -80,16 +80,21 @@
 	if (rec.client_pid == 0) {
 		i_error("BUG: Auth client said it's PID 0");
 		auth_client_connection_destroy(conn);
-	} else if (auth_client_connection_lookup(conn->master,
-						 rec.client_pid) != NULL) {
+		return FALSE;
+	}
+
+	if (auth_client_connection_lookup(conn->master,
+					  rec.client_pid) != NULL) {
 		/* well, it might have just reconnected very fast .. although
 		   there's not much reason for it. */
 		i_error("BUG: Auth client gave a PID %u of existing connection",
 			rec.client_pid);
 		auth_client_connection_destroy(conn);
-	} else {
-		conn->pid = rec.client_pid;
+		return FALSE;
 	}
+
+	conn->pid = rec.client_pid;
+	return TRUE;
 }
 
 static int auth_client_input_request(struct auth_client_connection *conn)
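Review bot: `rec.client_pid` is copied from the peer's bytes and becomes `conn->pid` after only the non-zero and not-already-registered checks, so the stored PID is a value the client claims rather than one the server has verified. A comment at the assignment would keep later code from treating it as an identity, for example `/* PID as claimed by the client in the handshake; not verified here */`. Both rejection paths log at error level with a "BUG:" prefix, although the conditions are reachable from whatever the peer sends. If the logging layer does not already throttle repeated messages (not visible here), that is worth confirming.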
@@ -174,8 +179,10 @@
 		return;
 	}
 
-	if (conn->pid == 0)
-		auth_client_input_handshake(conn);
+	if (conn->pid == 0) {
+		if (!auth_client_input_handshake(conn))
+			return;
+	}
 
 	while (auth_client_input_request(conn))
 		;
--- a/src/auth/mech.c	Sun Oct 10 16:55:09 2004 +0300
+++ b/src/auth/mech.c	Sun Oct 10 17:21:07 2004 +0300
@@ -234,11 +234,16 @@
 	reply.id = auth_request->id;
 	reply.result = AUTH_CLIENT_RESULT_SUCCESS;
 
-	/* get this before callback because it can destroy connection */
-	free_request = AUTH_MASTER_IS_DUMMY(auth_request->conn->master);
+	if (auth_request->conn == NULL) {
+		/* client is already gone */
+		free_request = TRUE;
+	} else {
+		/* get this before callback because it can destroy connection */
+		free_request = AUTH_MASTER_IS_DUMMY(auth_request->conn->master);
 
-	reply_data = mech_auth_success(&reply, auth_request, data, data_size);
-	auth_request->callback(&reply, reply_data, auth_request->conn);
+		reply_data = mech_auth_success(&reply, auth_request, data, data_size);
+		auth_request->callback(&reply, reply_data, auth_request->conn);
+	}
 
 	if (free_request) {
 		/* we don't have master process, the request is no longer
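Review bot: On the new `auth_request->conn == NULL` branch `reply_data` is never assigned, while the else branch sets it from mech_auth_success(). The function continues past this hunk, so I cannot confirm whether anything later reads it; initialising it where it is declared (`reply_data = NULL`) would remove the question. The guard also depends on connection teardown resetting `->conn` to NULL on every outstanding request, which this diff does not show; the `@@ -363` hunk in the same file relies on the same invariant. The comment could say so: `/* client is already gone; conn is cleared when the client connection is destroyed */`.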
@@ -363,8 +368,11 @@
 
 	for (i = 0; i < size; i++) {
 		reply.id = auth_request[i]->id;
-		auth_request[i]->callback(&reply, NULL, auth_request[i]->conn);
-		mech_request_free(auth_request[i], auth_request[i]->id);
+		if (auth_request[i]->conn != NULL) {
+			auth_request[i]->callback(&reply, NULL,
+						  auth_request[i]->conn);
+		}
+		mech_request_free(auth_request[i], reply.id);
 	}
 	buffer_set_used_size(auth_failures_buf, 0);
 }
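Review bot: The switch from `auth_request[i]->id` to `reply.id` in the mech_request_free() call is unexplained. It reads as avoiding a dereference of the request after the callback has run, yet `auth_request[i]` itself is still passed to mech_request_free() on that line. If the callback can tear down the connection, as the comment in the `@@ -234` hunk says of the other callback site, it is worth confirming that the request outlives it. I would also add a comment before the free such as `/* callback may destroy the connection; use the id saved in reply instead of reading the request again */`. The loop's enclosing function starts outside this hunk.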