projects / silc.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix double free in silcd.
[silc.git] / apps / silcd / server_util.c
diff --git a/apps/silcd/server_util.c b/apps/silcd/server_util.c
index 1f61876fad7a3ccee4a8e446ce3bd42761f25921..74ce18ba2902866107148517f3f961fe645dd714 100644 (file)
--- a/apps/silcd/server_util.c
+++ b/apps/silcd/server_util.c
@@ -228,6 +228,8 @@ SilcBool silc_server_remove_clients_by_server(SilcServer server,
        client->mode = 0;
        client->router = NULL;
        client->connection = NULL;
+       client->data.created = silc_time();
+       silc_dlist_del(server->expired_clients, client);
        silc_dlist_add(server->expired_clients, client);
       } else {
        silc_idlist_del_data(client);
@@ -289,6 +291,8 @@ SilcBool silc_server_remove_clients_by_server(SilcServer server,
        client->mode = 0;
        client->router = NULL;
        client->connection = NULL;
+       client->data.created = silc_time();
+       silc_dlist_del(server->expired_clients, client);
        silc_dlist_add(server->expired_clients, client);
       } else {
        silc_idlist_del_data(client);
@@ -1195,6 +1199,7 @@ SilcBool silc_server_connection_allowed(SilcServer server,
       silc_server_disconnect_remote(server, sock,
                                    SILC_STATUS_ERR_BAD_VERSION,
                                    "You support too old protocol version");
+      silc_server_free_sock_user_data(server, sock, NULL);
       return FALSE;
     }
 
@@ -1206,6 +1211,7 @@ SilcBool silc_server_connection_allowed(SilcServer server,
       silc_server_disconnect_remote(server, sock,
                                    SILC_STATUS_ERR_BAD_VERSION,
                                    "You support too old software version");
+      silc_server_free_sock_user_data(server, sock, NULL);
       return FALSE;
     }
 
@@ -1217,6 +1223,7 @@ SilcBool silc_server_connection_allowed(SilcServer server,
       silc_server_disconnect_remote(server, sock,
                                    SILC_STATUS_ERR_BAD_VERSION,
                                    "Your software is not supported");
+      silc_server_free_sock_user_data(server, sock, NULL);
       return FALSE;
     }
   }
@@ -1236,6 +1243,7 @@ SilcBool silc_server_connection_allowed(SilcServer server,
     silc_server_disconnect_remote(server, sock,
                                  SILC_STATUS_ERR_RESOURCE_LIMIT,
                                  "Server is full, try again later");
+    silc_server_free_sock_user_data(server, sock, NULL);
     return FALSE;
   }
 
@@ -1247,6 +1255,7 @@ SilcBool silc_server_connection_allowed(SilcServer server,
     silc_server_disconnect_remote(server, sock,
                                  SILC_STATUS_ERR_RESOURCE_LIMIT,
                                  "Too many connections from your host");
+    silc_server_free_sock_user_data(server, sock, NULL);
     return FALSE;
   }
 
@@ -1538,8 +1547,17 @@ void silc_server_kill_client(SilcServer server,
   if (remote_client->connection) {
     /* Remove locally conneted client */
     SilcPacketStream sock = remote_client->connection;
-    silc_server_free_client_data(server, sock, remote_client, FALSE, NULL);
-    silc_server_close_connection(server, sock);
+
+    if (sock)
+      silc_packet_stream_ref(sock);
+
+    silc_server_free_sock_user_data(server, sock, NULL);
+
+    if (sock) {
+      silc_packet_set_context(sock, NULL);
+      silc_server_close_connection(server, sock);
+      silc_packet_stream_unref(sock);
+    }
   } else {
     /* Update statistics */
     server->stat.clients--;
@@ -1561,6 +1579,7 @@ void silc_server_kill_client(SilcServer server,
     }
 
     /* Remove remote client */
+    silc_dlist_del(server->expired_clients, remote_client);
     silc_idlist_del_data(remote_client);
     if (!silc_idlist_del_client(server->global_list, remote_client)) {
       /* Remove this client from watcher list if it is */
@@ -2102,6 +2121,8 @@ SilcBuffer silc_server_get_channel_pk_list(SilcServer server,
   silc_hash_table_list(channel->channel_pubkeys, &htl);
   while (silc_hash_table_get(&htl, NULL, (void *)&pk)) {
     pkp = silc_public_key_payload_encode(pk);
+    if (!pkp)
+      continue;
     list = silc_argument_payload_encode_one(list, pkp->data,
                                            silc_buffer_len(pkp),
                                            announce ? 0x03 :
SILC - Secure Internet Live Conferencing