From 8361d34ff983d1abbf296892dac0557d843feb4a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=3D=3FUTF-8=3Fq=3FJoakim=3D20S=3DC3=3DB6derberg=3F=3D?= Date: Thu, 25 Jun 2015 17:14:44 +0200 Subject: [PATCH] Bugfix: SSL code should not free wsi The SSL code should not do lws_free(new_wsi) here. The caller should clean up the wsi in libwebsocket_close_and_free_session. Instead this can potentially cause a crash during that call. Also if we fail to create the SSL for hte listener we should indicate failure to the caller. --- lib/ssl.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/ssl.c b/lib/ssl.c index b8154683..cd7fa997 100644 --- a/lib/ssl.c +++ b/lib/ssl.c @@ -535,12 +535,12 @@ lws_server_socket_service_ssl(struct libwebsocket_context *context, new_wsi->ssl = SSL_new(context->ssl_ctx); if (new_wsi->ssl == NULL) { lwsl_err("SSL_new failed: %s\n", - ERR_error_string(SSL_get_error( - new_wsi->ssl, 0), NULL)); - libwebsockets_decode_ssl_error(); - lws_free(new_wsi); + ERR_error_string(SSL_get_error(new_wsi->ssl, 0), NULL)); + libwebsockets_decode_ssl_error(); + + // TODO: Shouldn't the caller handle this? compatible_close(accept_fd); - break; + goto fail; } SSL_set_ex_data(new_wsi->ssl,