From 82dce653c6fdbd7170bfe1c17c7a7f50b6e05732 Mon Sep 17 00:00:00 2001 From: Garrett D'Amore Date: Sun, 19 Aug 2018 17:11:17 -0700 Subject: fixes #638 Race condition detected in websocket fixes #651 Use after free in websocket --- src/supplemental/websocket/websocket.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src/supplemental/websocket') diff --git a/src/supplemental/websocket/websocket.c b/src/supplemental/websocket/websocket.c index 05eab36b..efa0fdf8 100644 --- a/src/supplemental/websocket/websocket.c +++ b/src/supplemental/websocket/websocket.c @@ -441,6 +441,7 @@ ws_close_cb(void *arg) } ws_msg_fini(wm); } + ws->txframe = NULL; if (ws->rxframe != NULL) { ws_frame_fini(ws->rxframe); @@ -1263,10 +1264,10 @@ ws_http_cb_dialer(nni_ws *ws, nni_aio *aio) char wskey[29]; const char * ptr; - d = ws->dialer; + d = ws->dialer; + nni_mtx_lock(&d->mtx); uaio = ws->useraio; - nni_mtx_lock(&d->mtx); // We have two steps. In step 1, we just sent the request, // and need to retrieve the reply. In step two we have // received the reply, and need to validate it. -- cgit v1.2.3-70-g09d2