[Pidgin] #11525: double free if ssl handshake fails with jabber
Pidgin
trac at pidgin.im
Thu Apr 1 02:45:04 EDT 2010
#11525: double free if ssl handshake fails with jabber
--------------------+-------------------------------------------------------
Reporter: ari | Owner: darkrain42
Type: defect | Status: closed
Milestone: 2.7.0 | Component: XMPP
Version: 2.6.6 | Resolution: fixed
Keywords: |
--------------------+-------------------------------------------------------
Changes (by darkrain42 at pidgin.im):
* status: new => closed
* resolution: => fixed
* milestone: => 2.7.0
Comment:
(In [51dddff91046a6665ccc0939eceb4a56dc296e4b]):[[BR]]
gnutls/nss: Don't call the handshake functions synchronously. Fixes
#11525
If the handshake callbacks are called sychronously and they fail
(e.g. passing GnuTLS a bad priority string or doing voodoo with NSS, see
#11524 for details), the error_cb is called and the gsc destroyed, but
this
happens /before/ the assignment to, e.g., js->gsc happens (see
jabber.c:tls_init). Thus, js->gsc is assigned a (now invalid) pointer
and jabber_close tries to free it (again).
--
Ticket URL: <http://developer.pidgin.im/ticket/11525#comment:4>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list