mirror of
https://github.com/znc/znc.git
synced 2026-03-28 17:42:41 +01:00
b0e59f1294
If a module like imapauth needs some time to process a login, it's possible that the client already disconnected by the time the lookup finished. This would then cause a stale pointer in CAuthBase to be dereferenced. Fix this remotely exploitable crash bug by adding a new function CAuthBase::Invalidate(). After this was called, the CAuthBase instance doesn't do anything at all anymore, especially not dereferencing the (possibly stale) m_pSock pointer. This also makes sure that one can only call AcceptLogin() or RefuseLogin() once. Thanks to Sm0ke0ut for providing backtraces and reporting this bug. git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1669 726aef4b-f618-498e-8847-2d620e286838
32 KiB
32 KiB