Mercurial > dovecot > core-2.2
changeset 2718:f5b135533197 HEAD
Fix some potential crashes
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sun, 10 Oct 2004 17:21:07 +0300 |
parents | 9d83aecdcfd7 |
children | f8adc5cb2508 |
files | src/auth/auth-client-connection.c src/auth/mech.c |
diffstat | 2 files changed, 29 insertions(+), 14 deletions(-) [+] |
line wrap: on
line diff
--- a/src/auth/auth-client-connection.c Sun Oct 10 16:55:09 2004 +0300 +++ b/src/auth/auth-client-connection.c Sun Oct 10 17:21:07 2004 +0300 @@ -63,7 +63,7 @@ return NULL; } -static void auth_client_input_handshake(struct auth_client_connection *conn) +static int auth_client_input_handshake(struct auth_client_connection *conn) { struct auth_client_handshake_request rec; unsigned char *data; @@ -71,7 +71,7 @@ data = i_stream_get_modifyable_data(conn->input, &size); if (size < sizeof(rec)) - return; + return FALSE; /* Don't just cast because of alignment issues. */ memcpy(&rec, data, sizeof(rec)); @@ -80,16 +80,21 @@ if (rec.client_pid == 0) { i_error("BUG: Auth client said it's PID 0"); auth_client_connection_destroy(conn); - } else if (auth_client_connection_lookup(conn->master, - rec.client_pid) != NULL) { + return FALSE; + } + + if (auth_client_connection_lookup(conn->master, + rec.client_pid) != NULL) { /* well, it might have just reconnected very fast .. although there's not much reason for it. */ i_error("BUG: Auth client gave a PID %u of existing connection", rec.client_pid); auth_client_connection_destroy(conn); - } else { - conn->pid = rec.client_pid; + return FALSE; } + + conn->pid = rec.client_pid; + return TRUE; } static int auth_client_input_request(struct auth_client_connection *conn) @@ -174,8 +179,10 @@ return; } - if (conn->pid == 0) - auth_client_input_handshake(conn); + if (conn->pid == 0) { + if (!auth_client_input_handshake(conn)) + return; + } while (auth_client_input_request(conn)) ;
--- a/src/auth/mech.c Sun Oct 10 16:55:09 2004 +0300 +++ b/src/auth/mech.c Sun Oct 10 17:21:07 2004 +0300 @@ -234,11 +234,16 @@ reply.id = auth_request->id; reply.result = AUTH_CLIENT_RESULT_SUCCESS; - /* get this before callback because it can destroy connection */ - free_request = AUTH_MASTER_IS_DUMMY(auth_request->conn->master); + if (auth_request->conn == NULL) { + /* client is already gone */ + free_request = TRUE; + } else { + /* get this before callback because it can destroy connection */ + free_request = AUTH_MASTER_IS_DUMMY(auth_request->conn->master); - reply_data = mech_auth_success(&reply, auth_request, data, data_size); - auth_request->callback(&reply, reply_data, auth_request->conn); + reply_data = mech_auth_success(&reply, auth_request, data, data_size); + auth_request->callback(&reply, reply_data, auth_request->conn); + } if (free_request) { /* we don't have master process, the request is no longer @@ -363,8 +368,11 @@ for (i = 0; i < size; i++) { reply.id = auth_request[i]->id; - auth_request[i]->callback(&reply, NULL, auth_request[i]->conn); - mech_request_free(auth_request[i], auth_request[i]->id); + if (auth_request[i]->conn != NULL) { + auth_request[i]->callback(&reply, NULL, + auth_request[i]->conn); + } + mech_request_free(auth_request[i], reply.id); } buffer_set_used_size(auth_failures_buf, 0); }