[lib] Do not call vty_close in vty_log_out to avoid possible free memory access
2006-07-10 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* vty.c: (vty_log_out) Do not call vty_close, because this could
result in a parent function's accessing the freed memory.
Instead, set status VTY_CLOSE and call shutdown(vty->fd, SHUT_RDWR).
And add a comment on vty_close.
diff --git a/lib/vty.c b/lib/vty.c
index 98e7506..4288e15 100644
--- a/lib/vty.c
+++ b/lib/vty.c
@@ -186,7 +186,10 @@
zlog_warn("%s: write failed to vty client fd %d, closing: %s",
__func__, vty->fd, safe_strerror(errno));
buffer_reset(vty->obuf);
- vty_close(vty);
+ /* cannot call vty_close, because a parent routine may still try
+ to access the vty struct */
+ vty->status = VTY_CLOSE;
+ shutdown(vty->fd, SHUT_RDWR);
return -1;
}
return 0;
@@ -2141,7 +2144,10 @@
#endif /* VTYSH */
}
-/* Close vty interface. */
+/* Close vty interface. Warning: call this only from functions that
+ will be careful not to access the vty afterwards (since it has
+ now been freed). This is safest from top-level functions (called
+ directly by the thread dispatcher). */
void
vty_close (struct vty *vty)
{