[Bug 2734] New: close() is called twice in confree()

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Jun 30 05:43:13 AEST 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2734

            Bug ID: 2734
           Summary: close() is called twice in confree()
           Product: Portable OpenSSH
           Version: 7.5p1
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: minor
          Priority: P5
         Component: ssh-keyscan
          Assignee: unassigned-bugs at mindrot.org
          Reporter: bagajjal at microsoft.com

close() is called twice in confree()

Current code - 
ssh_packet_close() internally calls the close() again.

confree(int s)

{
        ......
        ......
        close(s);
        ......
        ......
        if (fdcon[s].c_ssh) {

                ssh_packet_close(fdcon[s].c_ssh);
        ......
        ......

}

Fix -

confree(int s)
{
        ......
        ......
        if (fdcon[s].c_ssh) {
                ssh_packet_close(fdcon[s].c_ssh);
                free(fdcon[s].c_ssh);
                fdcon[s].c_ssh = NULL;
        } else
                close(s);
        ......
        ......
}

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list