diff options
| author | Andrew J. Schorr <ajschorr@alumni.princeton.edu> | 2006-07-11 00:06:49 +0000 |
|---|---|---|
| committer | Andrew J. Schorr <ajschorr@alumni.princeton.edu> | 2006-07-11 00:06:49 +0000 |
| commit | 9d0a3260b2d1b57b7edfd3f72885d861883d4621 (patch) | |
| tree | 019901060c5b0b34154b084e9ae551af33319a6d | |
| parent | 74542d730198a37a872b7114643e29e99c551bcf (diff) | |
[lib] Do not call vty_close in vty_log_out to avoid possible free memory access
2006-07-10 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* vty.c: (vty_log_out) Do not call vty_close, because this could
result in a parent function's accessing the freed memory.
Instead, set status VTY_CLOSE and call shutdown(vty->fd, SHUT_RDWR).
And add a comment on vty_close.
| -rw-r--r-- | lib/ChangeLog | 7 | ||||
| -rw-r--r-- | lib/vty.c | 10 |
2 files changed, 15 insertions, 2 deletions
diff --git a/lib/ChangeLog b/lib/ChangeLog index 25df2657..02148671 100644 --- a/lib/ChangeLog +++ b/lib/ChangeLog @@ -1,5 +1,12 @@ 2006-07-10 Andrew J. Schorr <ajschorr@alumni.princeton.edu> + * vty.c: (vty_log_out) Do not call vty_close, because this could + result in a parent function's accessing the freed memory. + Instead, set status VTY_CLOSE and call shutdown(vty->fd, SHUT_RDWR). + And add a comment on vty_close. + +2006-07-10 Andrew J. Schorr <ajschorr@alumni.princeton.edu> + * vty.c: (vty_log_out, vty_read, vty_flush, vtysh_flush, vtysh_read) After an I/O error, must set vty->monitor to 0 before calling zlog_warn, otherwise an infinite recursion could occur @@ -186,7 +186,10 @@ vty_log_out (struct vty *vty, const char *level, const char *proto_str, zlog_warn("%s: write failed to vty client fd %d, closing: %s", __func__, vty->fd, safe_strerror(errno)); buffer_reset(vty->obuf); - vty_close(vty); + /* cannot call vty_close, because a parent routine may still try + to access the vty struct */ + vty->status = VTY_CLOSE; + shutdown(vty->fd, SHUT_RDWR); return -1; } return 0; @@ -2141,7 +2144,10 @@ vty_serv_sock (const char *addr, unsigned short port, const char *path) #endif /* VTYSH */ } -/* Close vty interface. */ +/* Close vty interface. Warning: call this only from functions that + will be careful not to access the vty afterwards (since it has + now been freed). This is safest from top-level functions (called + directly by the thread dispatcher). */ void vty_close (struct vty *vty) { |