Fri Jun 4 10:54:04 2010 Jan Just Keijser <jan.just.keijser@gmail.com>
* pptp_ctrl.c: check for failure return by pptp_send_ctrl_packet
and avoid using freed struct conn.
--- pptp_ctrl.c 2010-06-15 15:05:46.743913798 +0100
+++ pptp_ctrl.c 2010-06-15 14:32:00.480100647 +0100
@@ -396,9 +400,10 @@
/* don't check state against WAIT_DISCONNECT... allow multiple disconnect
* requests to be made.
*/
- pptp_send_ctrl_packet(conn, &rqst, sizeof(rqst));
- pptp_reset_timer();
- call->state.pns = PNS_WAIT_DISCONNECT;
+ if (pptp_send_ctrl_packet(conn, &rqst, sizeof(rqst))) {
+ pptp_reset_timer();
+ call->state.pns = PNS_WAIT_DISCONNECT;
+ }
/* call structure will be freed when we have confirmation of disconnect. */
}
@@ -431,9 +436,10 @@
pptp_call_close(conn, vector_get_Nth(conn->call, i));
/* now close connection */
log("Closing PPTP connection");
- pptp_send_ctrl_packet(conn, &rqst, sizeof(rqst));
- pptp_reset_timer(); /* wait 60 seconds for reply */
- conn->conn_state = CONN_WAIT_STOP_REPLY;
+ if (pptp_send_ctrl_packet(conn, &rqst, sizeof(rqst))) {
+ pptp_reset_timer(); /* wait 60 seconds for reply */
+ conn->conn_state = CONN_WAIT_STOP_REPLY;
+ }
return;
}
@@ -733,8 +739,8 @@
reply.version = packet->version;
/* protocol version not supported */
reply.result_code = hton8(5);
- pptp_send_ctrl_packet(conn, &reply, sizeof(reply));
- pptp_reset_timer(); /* give sender a chance for a retry */
+ if (pptp_send_ctrl_packet(conn, &reply, sizeof(reply)))
+ pptp_reset_timer(); /* give sender a chance for a retry */
} else { /* same or greater version */
if (pptp_send_ctrl_packet(conn, &reply, sizeof(reply))) {
conn->conn_state = CONN_ESTABLISHED;
@@ -841,8 +847,8 @@
hton8(1), hton8(PPTP_GENERAL_ERROR_NONE), 0
};
logecho( PPTP_ECHO_RQST);
- pptp_send_ctrl_packet(conn, &reply, sizeof(reply));
- pptp_reset_timer();
+ if (pptp_send_ctrl_packet(conn, &reply, sizeof(reply)))
+ pptp_reset_timer();
break;
}
/* ----------- OUTGOING CALL MESSAGES ------------ */
@@ -928,9 +935,10 @@
vector_search(conn->call, ntoh16(packet->call_id), &call);
if (call->callback != NULL)
call->callback(conn, call, CALL_CLOSE_RQST);
- pptp_send_ctrl_packet(conn, &reply, sizeof(reply));
- pptp_call_destroy(conn, call);
- log("Call closed (RQST) (call id %d)", (int) call->call_id);
+ if (pptp_send_ctrl_packet(conn, &reply, sizeof(reply))) {
+ pptp_call_destroy(conn, call);
+ log("Call closed (RQST) (call id %d)", (int) call->call_id);
+ }
}
break;
}
@@ -1067,8 +1075,9 @@
} else { /* ka_state == NONE */ /* send keep-alive */
struct pptp_echo_rqst rqst = {
PPTP_HEADER_CTRL(PPTP_ECHO_RQST), hton32(global.conn->ka_id) };
- pptp_send_ctrl_packet(global.conn, &rqst, sizeof(rqst));
- global.conn->ka_state = KA_OUTSTANDING;
+ if (pptp_send_ctrl_packet(global.conn, &rqst, sizeof(rqst))) {
+ global.conn->ka_state = KA_OUTSTANDING;
+ }
}
/* check incoming/outgoing call states for !IDLE && !ESTABLISHED */
for (i = 0; i < vector_size(global.conn->call); i++) {