diff options
| author | dequis <dx@dxzone.com.ar> | 2015-02-22 03:50:48 -0300 | 
|---|---|---|
| committer | dequis <dx@dxzone.com.ar> | 2015-02-22 15:53:21 -0300 | 
| commit | 9216eff1a59e9d4a24b63c16ba4c2cacd051332c (patch) | |
| tree | 82b8a05dc5850bdcf2fdfe09655427d6b6fdb345 /lib/ssl_nss.c | |
| parent | da6f167b1df952f8d7b9362bfb8adc1d91e8c9c4 (diff) | |
s5bytestream: fix segfault (cleanup before trying next streamhost)
This segfault happened when none of the available streamhosts can be
connected to - or if at least one of them fails to connect.
Before this commit, it can be reproduced reliably by setting the "proxy"
setting of the account to nonsense, for example, this is what i used:
    proxy.example.org,1.2.3.4,7777;proxy.example.com,173.194.42.65,80
jabber_bs_recv_handshake_abort() calls jabber_bs_recv_handshake(), which
is supposed to restart the handshake with the next streamhost.  And it
replaced bt->tf->watch_out, which held an event ID, with a newer event
ID. So the replaced event ID doesn't get removed, and it gets called
again when its socket is closed by the timeout - and by the time that
happens, the memory is free()'d already. Boom.
The patch is simple - created jabber_bs_remove_events() to cleanup those
events, and use it before any code that expects to restart the cycle.
So basically the same as doing b_event_remove(bt->tf->watch_out).
I hope there aren't more bugs like this in this code.
Diffstat (limited to 'lib/ssl_nss.c')
0 files changed, 0 insertions, 0 deletions
