See patch 3 for the description of the problem and reproducer Changes in v2:
- Improve finalizer robustness of TLS source - Keep cleanup in finalizer of websock, just augment it in the close method - Fix resetting of hs_ioc_tag value when callback is complete - Add CVE assignemnt in 3rd patch Daniel P. Berrangé (3): io: release active GSource in TLS channel finalizer io: move websock resource release to close method io: fix use after free in websocket handshake code include/io/channel-websock.h | 3 ++- io/channel-tls.c | 10 ++++++++++ io/channel-websock.c | 33 ++++++++++++++++++++++++++------- 3 files changed, 38 insertions(+), 8 deletions(-) -- 2.50.1
