psychon b0e59f1294 Fix a crash bug with auth modules ...

If a module like imapauth needs some time to process a login, it's possible that
the client already disconnected by the time the lookup finished. This would then
cause a stale pointer in CAuthBase to be dereferenced.

Fix this remotely exploitable crash bug by adding a new function
CAuthBase::Invalidate(). After this was called, the CAuthBase instance doesn't
do anything at all anymore, especially not dereferencing the (possibly stale)
m_pSock pointer.

This also makes sure that one can only call AcceptLogin() or RefuseLogin() once.

Thanks to Sm0ke0ut for providing backtraces and reporting this bug.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1669 726aef4b-f618-498e-8847-2d620e286838

2009-11-28 18:53:20 +00:00

22 KiB

Raw Blame History

View Raw