[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] Set channel as bound when accepting channel open request
[Thread Prev] | [Thread Next]
[Date Prev] | [Date Next]
- Subject: [PATCH] Set channel as bound when accepting channel open request
- From: Meng Hourk Tan <mtan@xxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Thu, 1 Feb 2018 13:16:23 +0000
- To: "libssh@xxxxxxxxxx" <libssh@xxxxxxxxxx>
Hello, Here's a patch to fix some segmentation fault (double free) issues: A channel requested by remote (can be client or server) will have the flag SSH_CHANNEL_FLAG_NOT_BOUND always set. So, if the program free the channel before receiving a close, it will be freed immediately and on receiving close, the callback will try to free it again causing a segmentation fault. This patch set a channel as bound when accepting a channel open request. Regards, Meng
From e2e4da1e99538140b5f6b2a9d1c7bd3b4c7b57b6 Mon Sep 17 00:00:00 2001
From: Meng Tan <mtan@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 1 Feb 2018 13:41:30 +0100
Subject: [PATCH] Set channel as bound when accepting channel open request
Signed-off-by: Meng Tan <mtan@xxxxxxxxxx>
---
src/messages.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/messages.c b/src/messages.c
index 4e4141e0..763a2732 100644
--- a/src/messages.c
+++ b/src/messages.c
@@ -1161,6 +1161,7 @@ int ssh_message_channel_request_open_reply_accept_channel(ssh_message msg, ssh_c
chan->remote_maxpacket = msg->channel_request_open.packet_size;
chan->remote_window = msg->channel_request_open.window;
chan->state = SSH_CHANNEL_STATE_OPEN;
+ chan->flags &= ~SSH_CHANNEL_FLAG_NOT_BOUND;
rc = ssh_buffer_pack(session->out_buffer,
"bdddd",
--
2.11.0
| Re: [PATCH] Set channel as bound when accepting channel open request | Andreas Schneider <asn@xxxxxxxxxxxxxx> |