On Sun, Feb 14, 2016 at 03:54:04PM +0100, Alexander Schrijver wrote:
> On Sun, Feb 14, 2016 at 12:20:53PM +0100, Martin Natano wrote:
> > Are you sure the issue you ran into is caused by server_close_http()
> > being called twice? The only caller thereof is server_free(), which also
> > frees the client struct. This would result in use after free in
> > server_close_http() even before the str_match_free() call. I would
> > rather guess that the sequence in question is server_close_http() being
> > called after server_reset_http().
> >
> > However, your patch looks good to me.
> >
> > natano
>
> I am sorry, you are right, it was not server_close_http being called twice.
> Instead, it was server_reset_http being called twice.
>
The patch makes sense to me also. I am OK with it.
Any other dev in order to commit it?
--
Sebastien Marie
Index: patterns.c
===================================================================
RCS file: /backup/mirrors/cvsync/src/usr.sbin/httpd/patterns.c,v
retrieving revision 1.4
diff -u -p -u -r1.4 patterns.c
--- patterns.c 18 Aug 2015 08:26:39 -0000 1.4
+++ patterns.c 11 Feb 2016 14:45:55 -0000
@@ -708,5 +708,6 @@ str_match_free(struct str_match *m)
for (i = 0; i < m->sm_nmatch; i++)
free(m->sm_match[i]);
free(m->sm_match);
+ m->sm_match = NULL;
m->sm_nmatch = 0;
}
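Review bot: the added `m->sm_match = NULL;` after `free(m->sm_match);` has no comment saying that str_match_free() is meant to be safe to call more than once on the same struct. Without one, the assignment looks redundant next to `m->sm_nmatch = 0;` and could be dropped in a later cleanup. A one-line comment would record the reason: on a repeated call the loop is skipped because sm_nmatch is 0, and free() then receives NULL instead of the stale pointer. Since the thread traces the problem to server_reset_http() running twice, it is also worth checking whether that repeated call is expected. This change stops the double free in str_match_free() but does not alter the caller.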