From 11dbeed1a8d81c775a64e22707f5fcadb240829e Mon Sep 17 00:00:00 2001
From: Garrett D'Amore
Date: Sat, 27 Apr 2024 12:00:34 -0700
Subject: Another attempt at the close deadlock, fix use-after-free. When closing pipes, we defer them to be reaped, but also leave them in the match list where they might be picked up by ep_match, or leak. It's best to reap these proactively and ensure that they are not allowed to life longer once they have errored during the negotiation phase.
---
 src/sp/transport/tls/tls.c | 1 +
 1 file changed, 1 insertion(+)
(limited to 'src/sp/transport/tls')
diff --git a/src/sp/transport/tls/tls.c b/src/sp/transport/tls/tls.c
index 30a95725..631d74d7 100644
--- a/src/sp/transport/tls/tls.c
+++ b/src/sp/transport/tls/tls.c
@@ -285,6 +285,7 @@ error:
 if (rv == NNG_ECLOSED) {
 rv = NNG_ECONNSHUT;
 }
+ nni_list_remove(&ep->negopipes, p);
 nng_stream_close(p->tls);
 if ((uaio = ep->useraio) != NULL) {
--
cgit v1.2.3-70-g09d2
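Review bot: The added `nni_list_remove(&ep->negopipes, p);` at the `error:` label is unconditional, and nothing in the hunk shows that `p` is still linked on `ep->negopipes` on every path that reaches the label, or that `ep->mtx` is held there. If any path can arrive with `p` already off the list (for instance after an endpoint close has unlinked it), a second unlink would damage the list instead of closing the use-after-free. Either guard it, `if (nni_list_active(&ep->negopipes, p)) { nni_list_remove(&ep->negopipes, p); }`, or state the invariant in a comment such as `// p is always on negopipes here; ep->mtx is held`. The enclosing function starts and ends outside the hunk, so this needs checking against the code before `error:` and against the reap path, which must not unlink `p` a second time.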