terminate_connection(): Avoid use-after-free and double-free for
[tinc] / src / net.c
index 10a2d20..2565be1 100644 (file)
--- a/src/net.c
+++ b/src/net.c
@@ -1,7 +1,7 @@
 /*
     net.c -- most of the network code
     Copyright (C) 1998-2005 Ivo Timmermans,
-                  2000-2011 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
                   2006      Scott Lamb <slamb@slamb.org>
                  2011      Loïc Grenié <loic.grenie@gmail.com>
 
@@ -121,6 +121,7 @@ void terminate_connection(connection_t *c, bool report) {
                        send_del_edge(everyone, c->edge);
 
                edge_del(c->edge);
+               c->edge = NULL;
 
                /* Run MST and SSSP algorithms */
 
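Review bot: The new `c->edge = NULL;` has no comment explaining why it is needed, and the reason is only visible further down, where `c` is now handed to `do_outgoing_connection()` instead of being deleted. Because the `connection_t` outlives this call, a stale `c->edge` would be a dangling pointer on the next pass through `terminate_connection()`. I would add a short comment above the assignment, e.g. `/* c may be reused for a retry; do not leave a dangling edge pointer behind */`. The enclosing block starts outside the hunk, so whether this line is already guarded by an `if(c->edge)` check cannot be confirmed from here.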
@@ -139,12 +140,13 @@ void terminate_connection(connection_t *c, bool report) {
                }
        }
 
-       /* Check if this was our outgoing connection */
+       free_connection_partially(c);
 
-       if(c->outgoing)
-               retry_outgoing(c->outgoing);
+       /* Check if this was our outgoing connection */
 
-       connection_del(c);
+       if(c->outgoing) {
+               do_outgoing_connection(c);      
+       }
 }
 
 /*
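Review bot: When `c->outgoing` is NULL, nothing on the new side of this hunk removes `c` from the connection list or releases it, because `connection_del(c)` was dropped and only `free_connection_partially(c)` runs. If that helper (defined outside this hunk) does not unlink and free the object itself, connections without an outgoing entry are left half-torn-down in the list, which is a leak and a possible source of later accesses to already released members. If that is the case, restore the delete on that path with `} else {` `connection_del(c);` `}`. Otherwise, add a comment stating who owns `c` after this call. The function body starts outside the hunk, so the earlier handling of `c` is not visible here.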
@@ -171,7 +173,7 @@ static void timeout_handler(int fd, short events, void *event) {
                        if(c->status.active) {
                                if(c->status.pinged) {
                                        logger(DEBUG_CONNECTIONS, LOG_INFO, "%s (%s) didn't respond to PING in %ld seconds",
-                                                          c->name, c->hostname, now - c->last_ping_time);
+                                                          c->name, c->hostname, (long)now - c->last_ping_time);
                                        terminate_connection(c, true);
                                        continue;
                                } else if(c->last_ping_time + pinginterval <= now) {
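Review bot: The cast in `(long)now - c->last_ping_time` applies only to `now`, so the subtraction still has the type of `c->last_ping_time`, and the argument passed for `%ld` is not guaranteed to be a `long`. Assuming both values are `time_t` (their declarations are outside the hunk), a platform where `time_t` is wider than `long` still gets a mismatched variadic argument, which is undefined behaviour in the logger call. Cast the difference instead: `c->name, c->hostname, (long)(now - c->last_ping_time));`. `timeout_handler()` continues outside the hunk.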