Hello,

Here's a patch to fix some segmentation fault (double free) issues:

A channel requested by the remote side (can be client or server) will have the flag SSH_CHANNEL_FLAG_NOT_BOUND always set.

So, if the program frees the channel before receiving a close, it will be freed immediately, and on receiving the close, the callback will try to free it again, causing a segmentation fault.

This patch sets a channel as bound when accepting a channel open request.


Regards,
Meng

From e2e4da1e99538140b5f6b2a9d1c7bd3b4c7b57b6 Mon Sep 17 00:00:00 2001
From: Meng Tan <[email protected]>
Date: Thu, 1 Feb 2018 13:41:30 +0100
Subject: [PATCH] Set channel as bound when accepting channel open request

Signed-off-by: Meng Tan <[email protected]>
---
 src/messages.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/messages.c b/src/messages.c
index 4e4141e0..763a2732 100644
--- a/src/messages.c
+++ b/src/messages.c
@@ -1161,6 +1161,7 @@ int ssh_message_channel_request_open_reply_accept_channel(ssh_message msg, ssh_c
     chan->remote_maxpacket = msg->channel_request_open.packet_size;
     chan->remote_window = msg->channel_request_open.window;
     chan->state = SSH_CHANNEL_STATE_OPEN;
+    chan->flags &= ~SSH_CHANNEL_FLAG_NOT_BOUND;
 
     rc = ssh_buffer_pack(session->out_buffer,
                          "bdddd",
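Review bot: the flag is cleared before the accept reply is built, so if the `ssh_buffer_pack(session->out_buffer, ...)` call that follows fails, the channel is left marked as bound (owned by the caller) even though no open confirmation was ever queued to the peer; consider moving `chan->flags &= ~SSH_CHANNEL_FLAG_NOT_BOUND;` to after the reply has been packed successfully, or clearing it again on the error path. Since this line changes who is responsible for freeing the channel (the close handler will no longer free it), the API documentation for `ssh_message_channel_request_open_reply_accept_channel` should state that the caller now owns the accepted channel and must free it itself.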
-- 
2.11.0
