[PATCH] double free of sess->proxies
Diego Santa Cruz
Diego.SantaCruz at spinetix.com
Tue May 21 04:34:13 EDT 2013
We have encountered a bug in free_proxies() in ne_session.c that causes a
double-free or invalid data references in some cases.

As not all callers of free_proxies() set sess->proxies to a new value in all
cases, this pointer may be kept when the block has been freed, for instance
if ne_set_addrlist() is called with n = 0. I think calling
ne_session_system_proxy() may also cause this, although it is less clear.

The attached patch solves this by simply setting sess->proxies to NULL at the
end of free_proxies(). Patch is against 0.29.6.

Diego Santa Cruz, PhD
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 299 bytes
Url : http://lists.manyfish.co.uk/pipermail/neon/attachments/20130521/19ab623a/attachment.obj
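
The stale-pointer pattern described in the message, as an added example that is not neon's code and not the scrubbed patch. The types, the `_model` functions and the fixed-size pool are hypothetical stand-ins; the pool replaces malloc/free so that a second release of the same node is counted instead of corrupting the heap.

```c
#include <stddef.h>
/* Hypothetical stand-ins for the session and its proxy list; not neon's types. */
struct host { struct host *next; int live; };
struct session { struct host *proxies; int double_frees; };

/* Fixed pool instead of malloc/free, so a repeated release is observable. */
static struct host pool[8];

static struct host *node_alloc(void) {
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++)
        if (!pool[i].live) { pool[i].live = 1; pool[i].next = NULL; return &pool[i]; }
    return NULL;
}

static void node_free(struct session *s, struct host *h) {
    if (!h->live) { s->double_frees++; return; }  /* node was already released */
    h->live = 0;
}

/* clear_head == 0 leaves the head pointer dangling; 1 resets it (the proposed fix). */
static void free_proxies_model(struct session *s, int clear_head) {
    struct host *h, *next;
    for (h = s->proxies; h; h = next) {
        next = h->next;
        node_free(s, h);
    }
    if (clear_head) s->proxies = NULL;
}

/* With n == 0 the loop never runs, so nothing overwrites s->proxies. */
static void set_addrlist_model(struct session *s, size_t n, int clear_head) {
    struct host **last = &s->proxies;
    free_proxies_model(s, clear_head);
    for (size_t i = 0; i < n; i++) {
        struct host *h = node_alloc();
        if (!h) break;
        *last = h;
        last = &h->next;
    }
}

/* Constructed scenario: two entries, then zero entries, then a final release. */
int run_scenario(int clear_head) {
    struct session s = { NULL, 0 };
    set_addrlist_model(&s, 2, clear_head);
    set_addrlist_model(&s, 0, clear_head);
    free_proxies_model(&s, clear_head);
    return s.double_frees;  /* nodes released a second time */
}
```

With real heap allocation the repeated release is undefined behaviour rather than a counter increment, which is why tools such as AddressSanitizer or Valgrind are the usual way to confirm this class of bug.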