aboutsummaryrefslogtreecommitdiffstats
path: root/src/libserver/async_session.c
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2021-08-25 16:41:47 +0100
committerVsevolod Stakhov <vsevolod@highsecure.ru>2021-08-25 16:42:23 +0100
commit9d809fc59320afe0304d2e7194a5a68067fb60d2 (patch)
tree553f4e50d6dcad5b85cfcc4dcf3ba308c69a7b0f /src/libserver/async_session.c
parentced512c1e82f7a6630ec7a043865a82807e1a5c6 (diff)
downloadrspamd-9d809fc59320afe0304d2e7194a5a68067fb60d2.tar.gz
rspamd-9d809fc59320afe0304d2e7194a5a68067fb60d2.zip
[Fix] Add concept of uncancellable events to prevent use-after-free
Diffstat (limited to 'src/libserver/async_session.c')
-rw-r--r--src/libserver/async_session.c20
1 files changed, 15 insertions, 5 deletions
diff --git a/src/libserver/async_session.c b/src/libserver/async_session.c
index 1bd4c77e9..057604447 100644
--- a/src/libserver/async_session.c
+++ b/src/libserver/async_session.c
@@ -278,20 +278,30 @@ rspamd_session_cleanup (struct rspamd_async_session *session)
}
session->flags |= RSPAMD_SESSION_FLAG_CLEANUP;
+ khash_t(rspamd_events_hash) *uncancellable_events = kh_init(rspamd_events_hash);
kh_foreach_key (session->events, ev, {
/* Call event's finalizer */
- msg_debug_session ("removed event on destroy: %p, subsystem: %s",
- ev->user_data,
- ev->subsystem);
+ int ret;
if (ev->fin != NULL) {
+ msg_debug_session ("removed event on destroy: %p, subsystem: %s",
+ ev->user_data,
+ ev->subsystem);
ev->fin (ev->user_data);
}
+ else {
+ msg_debug_session ("NOT removed event on destroy - uncancellable: %p, subsystem: %s",
+ ev->user_data,
+ ev->subsystem);
+ /* Assume an event is uncancellable, move it to a new hash table */
+ kh_put (rspamd_events_hash, uncancellable_events, ev, &ret);
+ }
});
- kh_clear (rspamd_events_hash, session->events);
-
+ kh_destroy (rspamd_events_hash, session->events);
+ session->events = uncancellable_events;
+ msg_debug_session ("pending %d uncancellable events", kh_size (uncancellable_events));
session->flags &= ~RSPAMD_SESSION_FLAG_CLEANUP;
}