Fixes use after free during ipcs client disconnect

ClusterLabs · Jul 22, 2013 · 73827cf · 73827cf
1 parent 70a7aca
commit 73827cf
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/lib/ipcs.c b/lib/ipcs.c
@@ -691,9 +691,8 @@ _process_request_(struct qb_ipcs_connection *c, int32_t ms_timeout)
 	} else if (size == 0 || hdr->id == QB_IPC_MSG_DISCONNECT) {
 		qb_util_log(LOG_DEBUG, "client requesting a disconnect (%s)",
 			    c->description);
-		qb_ipcs_disconnect(c);
-		c = NULL;
 		res = -ESHUTDOWN;
+		goto cleanup;
 	} else {
 		c->stats.requests++;
 		res = c->service->serv_fns.msg_process(c, hdr, hdr->size);
@@ -800,6 +799,11 @@ qb_ipcs_dispatch_connection_request(int32_t fd, int32_t revents, void *data)
 
 	do {
 		res = _process_request_(c, IPC_REQUEST_TIMEOUT);
+
+		if (res == -ESHUTDOWN) {
+			goto dispatch_cleanup;
+		}
+
 		if (res > 0 || res == -ENOBUFS || res == -EINVAL) {
 			recvd++;
 		}