[dovecot-cvs] dovecot/src/login-common auth-connection.c,1.2,1.3 auth-connection.h,1.1,1.2

[cras at procontrol.fi]

Update of /home/cvs/dovecot/src/login-common
In directory danu:/tmp/cvs-serv16304

Modified Files:
	auth-connection.c auth-connection.h 
Log Message:
make sure we don't access free'd memory if auth process dies.



Index: auth-connection.c
===================================================================
RCS file: /home/cvs/dovecot/src/login-common/auth-connection.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- auth-connection.c	2 Feb 2003 08:11:33 -0000	1.2
+++ auth-connection.c	2 Feb 2003 09:45:07 -0000	1.3
@@ -27,6 +27,8 @@
 static struct timeout *to;
 
 static void auth_connection_destroy(struct auth_connection *conn);
+static void auth_connection_unref(struct auth_connection *conn);
+
 static void auth_input(void *context);
 static void auth_connect_missing(void);
 
@@ -59,6 +61,7 @@
         net_set_nonblock(fd, FALSE);
 
 	conn = i_new(struct auth_connection, 1);
+	conn->refcount = 1;
 	conn->path = i_strdup(path);
 	conn->fd = fd;
 	conn->io = io_add(fd, IO_READ, auth_input, conn);
@@ -88,12 +91,19 @@
 	i_free(request);
 }
 
+static void request_hash_remove(void *key __attr_unused__, void *value,
+				void *context __attr_unused__)
+{
+	struct auth_request *request = value;
+
+	request->callback(request, NULL, NULL, request->context);
+}
+
 static void request_hash_destroy(void *key __attr_unused__, void *value,
 				 void *context __attr_unused__)
 {
 	struct auth_request *request = value;
 
-	request->callback(request, NULL, NULL, request->context);
 	request_destroy(request);
 }
 
@@ -101,6 +111,9 @@
 {
 	struct auth_connection **pos;
 
+	if (conn->fd == -1)
+		return;
+
 	for (pos = &auth_connections; *pos != NULL; pos = &(*pos)->next) {
 		if (*pos == conn) {
 			*pos = conn->next;
@@ -108,12 +121,24 @@
 		}
 	}
 
-	hash_foreach(conn->requests, request_hash_destroy, NULL);
-	hash_destroy(conn->requests);
-
 	if (close(conn->fd) < 0)
 		i_error("close(auth) failed: %m");
 	io_remove(conn->io);
+	conn->fd = -1;
+
+	hash_foreach(conn->requests, request_hash_remove, NULL);
+
+        auth_connection_unref(conn);
+}
+
+static void auth_connection_unref(struct auth_connection *conn)
+{
+	if (--conn->refcount > 0)
+		return;
+
+	hash_foreach(conn->requests, request_hash_destroy, NULL);
+	hash_destroy(conn->requests);
+
 	i_stream_unref(conn->input);
 	o_stream_unref(conn->output);
 	i_free(conn->path);
@@ -307,6 +332,16 @@
 void auth_abort_request(struct auth_request *request)
 {
         request_destroy(request);
+}
+
+void auth_request_ref(struct auth_request *request)
+{
+	request->conn->refcount++;
+}
+
+void auth_request_unref(struct auth_request *request)
+{
+	auth_connection_unref(request->conn);
 }
 
 static void auth_connect_missing(void)

Index: auth-connection.h
===================================================================
RCS file: /home/cvs/dovecot/src/login-common/auth-connection.h,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- auth-connection.h	28 Jan 2003 21:35:26 -0000	1.1
+++ auth-connection.h	2 Feb 2003 09:45:07 -0000	1.2
@@ -11,6 +11,7 @@
 
 struct auth_connection {
 	struct auth_connection *next;
+	int refcount;
 
 	char *path;
 	int fd;
@@ -49,6 +50,9 @@
 			   const unsigned char *data, size_t data_size);
 
 void auth_abort_request(struct auth_request *request);
+
+void auth_request_ref(struct auth_request *request);
+void auth_request_unref(struct auth_request *request);
 
 void auth_connection_init(void);
 void auth_connection_deinit(void);