From 92f276c2cf7fabefd50be97e97e29e052201d4cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Joakim=20S=C3=B6derberg?= Date: Thu, 25 Jun 2015 17:14:44 +0200 Subject: [PATCH] Bugfix: SSL code should not free wsi The SSL code should not do lws_free(new_wsi) here. The caller should clean up the wsi in libwebsocket_close_and_free_session. Instead this can potentially cause a crash during that call. Also if we fail to create the SSL for hte listener we should indicate failure to the caller. --- lib/ssl.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/ssl.c b/lib/ssl.c index f6276932f..16905470f 100644 --- a/lib/ssl.c +++ b/lib/ssl.c @@ -520,12 +520,12 @@ lws_server_socket_service_ssl(struct libwebsocket_context *context, new_wsi->ssl = SSL_new(context->ssl_ctx); if (new_wsi->ssl == NULL) { lwsl_err("SSL_new failed: %s\n", - ERR_error_string(SSL_get_error( - new_wsi->ssl, 0), NULL)); - libwebsockets_decode_ssl_error(); - lws_free(new_wsi); + ERR_error_string(SSL_get_error(new_wsi->ssl, 0), NULL)); + libwebsockets_decode_ssl_error(); + + // TODO: Shouldn't the caller handle this? compatible_close(accept_fd); - break; + goto fail; } SSL_set_ex_data(new_wsi->ssl,