From a7d26bb598a8c8aaf8a7080ee4a9f0f9036f1b59 Mon Sep 17 00:00:00 2001 From: psychon Date: Wed, 10 Mar 2010 19:16:38 +0000 Subject: [PATCH] Fix a crash bug in WebModules WebModules use CHTTPSock for the HTTP server. That class requires a CModule instance for working since it's based on CSocket. This was solved by creating a fake module instance which is destroyed when the socket is destroyed. The problem here was that CSocket's destructor tried to access that module instance which was already destroyed resulting in a use-after-free. git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1824 726aef4b-f618-498e-8847-2d620e286838 --- Socket.cpp | 10 +++++++--- WebModules.cpp | 8 ++++---- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/Socket.cpp b/Socket.cpp index 1274d6ae..2a1d29f2 100644 --- a/Socket.cpp +++ b/Socket.cpp @@ -44,11 +44,15 @@ CSocket::CSocket(CModule* pModule, const CString& sHostname, unsigned short uPor } CSocket::~CSocket() { - CUser *pUser = m_pModule->GetUser(); + CUser *pUser = NULL; - m_pModule->UnlinkSocket(this); + // CWebSock could cause us to have a NULL pointer here + if (m_pModule) { + pUser = m_pModule->GetUser(); + m_pModule->UnlinkSocket(this); + } - if (!m_pModule->IsGlobal() && pUser) { + if (pUser && !m_pModule->IsGlobal()) { pUser->AddBytesWritten(GetBytesWritten()); pUser->AddBytesRead(GetBytesRead()); } else { diff --git a/WebModules.cpp b/WebModules.cpp index aec6f25e..c3578ca3 100644 --- a/WebModules.cpp +++ b/WebModules.cpp @@ -118,10 +118,10 @@ CWebSock::~CWebSock() { } // If the module IsFake() then it was created as a dummy and needs to be deleted - CModule* pMod = GetModule(); - if (pMod && pMod->IsFake()) { - pMod->UnlinkSocket(this); - delete pMod; + if (m_pModule && m_pModule->IsFake()) { + m_pModule->UnlinkSocket(this); + delete m_pModule; + m_pModule = NULL; } }