From 77bd279a019bb4830749bcce65f9cebf0ac80442 Mon Sep 17 00:00:00 2001 From: VilhoRaatikka Date: Tue, 30 Dec 2014 12:28:36 +0200 Subject: [PATCH] Fix to prevent double free of dcb->data/session->data. If authentication fails, call free(dcb->data) only when DCB in question is *not* cloned. --- server/core/session.c | 2 +- server/modules/protocol/mysql_client.c | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/server/core/session.c b/server/core/session.c index 279d189e5..dee27e9f4 100644 --- a/server/core/session.c +++ b/server/core/session.c @@ -85,7 +85,7 @@ session_alloc(SERVICE *service, DCB *client_dcb) "session object due error %d, %s.", errno, strerror(errno)))); - if (client_dcb->data) + if (client_dcb->data && !DCB_IS_CLONE(client_dcb)) { free(client_dcb->data); client_dcb->data = NULL; diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index 643f70a2d..3f91af2d9 100644 --- a/server/modules/protocol/mysql_client.c +++ b/server/modules/protocol/mysql_client.c @@ -685,7 +685,7 @@ int gw_read_client_event( dcb_close(dcb); } } - else + else { char* fail_str = NULL; @@ -721,7 +721,10 @@ int gw_read_client_event( /** * Release MYSQL_session since it is not used anymore. */ - free(dcb->data); + if (!DCB_IS_CLONE(dcb)) + { + free(dcb->data); + } dcb->data = NULL; dcb_close(dcb);
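Review bot: In session_alloc the added `!DCB_IS_CLONE(client_dcb)` test guards the whole block, so as far as the hunk shows, `client_dcb->data = NULL;` is now skipped for a cloned DCB and the clone keeps a pointer to data it does not own. The mysql_client.c hunk in this same commit guards only the `free` and clears the pointer unconditionally, and the two sites should agree; otherwise a later cleanup path that tests `data` on the clone could reach memory already freed through another DCB. Consider keeping `if (client_dcb->data)` as the outer test, with `if (!DCB_IS_CLONE(client_dcb)) free(client_dcb->data);` followed by the existing `client_dcb->data = NULL;` inside it. The block's closing brace and the rest of the error path are outside the hunk, so confirm nothing afterwards relies on the clone still holding the pointer.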
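Review bot: The comment kept above the new guard in gw_read_client_event still reads "Release MYSQL_session since it is not used anymore", which no longer describes the clone case, where nothing is released and only the pointer is cleared. Stating the ownership rule there would make the reason for the guard visible, for example `/** Free MYSQL_session only if this DCB owns it; a cloned DCB does not own dcb->data and must not free it. */`. The same ownership test now also appears in session_alloc, so a small shared helper that frees only for the owner and always clears the pointer would keep the two sites from drifting apart. The function body starts and ends outside the hunk.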