From 08aa373874d8a20f39e034754e040f3c0f95f5fc Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Fri, 1 Dec 2017 11:13:29 +0100
Subject: gnutls-serv: fix double-free on inactivity timeout
Previously, gnutls-serv --echo segfaulted when closing client connection after inactivity timeout. Here is the valgrind output:
==20246== Invalid free() / delete / delete[] / realloc()
==20246== at 0x4C2FD18: free (vg_replace_malloc.c:530)
==20246== by 0x405310: listener_free (serv.c:154)
==20246== by 0x408B57: tcp_server (serv.c:1568)
==20246== by 0x407DA6: main (serv.c:1231)
==20246== Address 0x6ed4fe0 is 0 bytes inside a block of size 3 free'd
==20246== at 0x4C2FD18: free (vg_replace_malloc.c:530)
==20246== by 0x408A1D: tcp_server (serv.c:1548)
==20246== by 0x407DA6: main (serv.c:1231)
==20246== Block was alloc'd at
==20246== at 0x4C2EB6B: malloc (vg_replace_malloc.c:299)
==20246== by 0x6A64489: strdup (in /usr/lib64/libc-2.25.so)
==20246== by 0x407310: get_response (serv.c:948)
==20246== by 0x408840: tcp_server (serv.c:1492)
==20246== by 0x407DA6: main (serv.c:1231)
==20246==
Signed-off-by: Daiki Ueno
---
 src/serv.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/serv.c b/src/serv.c
index 0387a5a90a..6da39da7de 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -1547,6 +1547,7 @@ static void tcp_server(const char *name, int port)
 j->http_state = HTTP_STATE_REQUEST;
 free(j->
 http_response);
+ j->http_response = NULL;
 j->response_length = 0;
 j->request_length = 0;
 j->http_request[0] = 0;
-- 
cgit v1.2.1
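Review bot: The added `j->http_response = NULL;` has no comment explaining why the reset is needed, so the reason lives only in the commit message: per the valgrind trace, listener_free() (serv.c:154) frees the same pointer again when the connection is closed. I would put a comment above the new line such as `/* listener_free() frees http_response too; clear it so the stale pointer is not freed a second time */`. tcp_server begins and ends outside this hunk, so any other path in it that frees `j->http_response` without clearing it would presumably need the same reset; that is worth checking before relying on this single fix.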