[PATCH] Fix crash during WebDAV lock refresh

Thorsten Behrens thb at libreoffice.org
Sun Dec 22 11:55:02 EST 2019


From: Thorsten Behrens <Thorsten.Behrens at CIB.de>

- sessions might be shared amongst several files
- so then after a while, e.g. locks need to get refreshed, and
  session timeout hits
- first lock -> no prob, ne_auth.c:ah_post_send() has
  auth_challenge() failing, returning error
- _but_ ah_post_send() then does a clean_session(), and the next
  lock refresh from the same session hits nullptr session host

-> so let's delay any sspi_host cleanup until session object gets
   freed, instead of just cleaned
---
 src/ne_auth.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/ne_auth.c b/src/ne_auth.c
index c6383ee..8a2684e 100644
--- a/src/ne_auth.c
+++ b/src/ne_auth.c
@@ -300,8 +300,6 @@ static void clean_session(auth_session *sess)
     sess->sspi_token = NULL;
     ne_sspi_destroy_context(sess->sspi_context);
     sess->sspi_context = NULL;
-    if (sess->sspi_host) ne_free(sess->sspi_host);
-    sess->sspi_host = NULL;
 #endif
 #ifdef HAVE_NTLM
     if (sess->ntlm_context) {
@@ -1584,6 +1582,10 @@ static void free_auth(void *cookie)
     }
 
     clean_session(sess);
+#ifdef HAVE_SSPI
+    if (sess->sspi_host) ne_free(sess->sspi_host);
+    sess->sspi_host = NULL;
+#endif
     ne_free(sess);
 }
 
-- 
2.24.0




More information about the neon mailing list