Andreas/tbamud
1
0
Fork 0
mirror of https://github.com/tbamud/tbamud.git synced 2025-09-21 21:40:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix bug in process_output

Browse source 
Based on error report from JTP in the tbamud forums. If an attacker was able to start a session and then break the connection, the  process_output function would fail. This would trigger two calls to close_socket on the same descriptor. This in turn results in a double free on the character struct.
This commit is contained in:
Thomas Arp 2024-12-22 15:27:40 +01:00 committed by GitHub
parent 88b3027ec6
commit 514af55ed6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/comm.c
View file

@ -1596,7 +1596,7 @@ static int process_output(struct descriptor_data *t)
result = write_to_descriptor(t->descriptor, osb);
if (result < 0) { /* Oops, fatal error. Bye! */
close_socket(t);
// close_socket(t); // close_socket is called after return of negative result
return (-1);
} else if (result == 0) /* Socket buffer full. Try later. */
return (0);