summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew J. Schorr <ajschorr@alumni.princeton.edu>2006-07-11 00:06:49 +0000
committerAndrew J. Schorr <ajschorr@alumni.princeton.edu>2006-07-11 00:06:49 +0000
commit9d0a3260b2d1b57b7edfd3f72885d861883d4621 (patch)
tree019901060c5b0b34154b084e9ae551af33319a6d
parent74542d730198a37a872b7114643e29e99c551bcf (diff)
[lib] Do not call vty_close in vty_log_out to avoid possible free memory access
2006-07-10 Andrew J. Schorr <ajschorr@alumni.princeton.edu> * vty.c: (vty_log_out) Do not call vty_close, because this could result in a parent function's accessing the freed memory. Instead, set status VTY_CLOSE and call shutdown(vty->fd, SHUT_RDWR). And add a comment on vty_close.
-rw-r--r--lib/ChangeLog7
-rw-r--r--lib/vty.c10
2 files changed, 15 insertions, 2 deletions
diff --git a/lib/ChangeLog b/lib/ChangeLog
index 25df2657..02148671 100644
--- a/lib/ChangeLog
+++ b/lib/ChangeLog
@@ -1,5 +1,12 @@
2006-07-10 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
+ * vty.c: (vty_log_out) Do not call vty_close, because this could
+ result in a parent function's accessing the freed memory.
+ Instead, set status VTY_CLOSE and call shutdown(vty->fd, SHUT_RDWR).
+ And add a comment on vty_close.
+
+2006-07-10 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
+
* vty.c: (vty_log_out, vty_read, vty_flush, vtysh_flush, vtysh_read)
After an I/O error, must set vty->monitor to 0 before calling
zlog_warn, otherwise an infinite recursion could occur
diff --git a/lib/vty.c b/lib/vty.c
index 98e75060..4288e150 100644
--- a/lib/vty.c
+++ b/lib/vty.c
@@ -186,7 +186,10 @@ vty_log_out (struct vty *vty, const char *level, const char *proto_str,
zlog_warn("%s: write failed to vty client fd %d, closing: %s",
__func__, vty->fd, safe_strerror(errno));
buffer_reset(vty->obuf);
- vty_close(vty);
+ /* cannot call vty_close, because a parent routine may still try
+ to access the vty struct */
+ vty->status = VTY_CLOSE;
+ shutdown(vty->fd, SHUT_RDWR);
return -1;
}
return 0;
@@ -2141,7 +2144,10 @@ vty_serv_sock (const char *addr, unsigned short port, const char *path)
#endif /* VTYSH */
}
-/* Close vty interface. */
+/* Close vty interface. Warning: call this only from functions that
+ will be careful not to access the vty afterwards (since it has
+ now been freed). This is safest from top-level functions (called
+ directly by the thread dispatcher). */
void
vty_close (struct vty *vty)
{