diff options
| author | Quentin BUATHIER <qbuathier@tetrane.com> | 2018-08-08 16:14:39 +0200 |
|---|---|---|
| committer | Quentin BUATHIER <qbuathier@tetrane.com> | 2018-08-09 10:05:24 +0200 |
| commit | 96e163bdae65aa2c68e4301cf9ebe29e9f53f3d9 (patch) | |
| tree | fb124d903e6d0fa1a00c4d04ea9c98cc0db4657b | |
| parent | 474f64e5db23ccd14b2a281b4076be081297d110 (diff) | |
| download | libtdevnc-96e163bdae65aa2c68e4301cf9ebe29e9f53f3d9.tar.gz libtdevnc-96e163bdae65aa2c68e4301cf9ebe29e9f53f3d9.zip | |
Fix use-after-free
| -rw-r--r-- | libvncserver/main.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/libvncserver/main.c b/libvncserver/main.c index 05b4b13..106ebab 100644 --- a/libvncserver/main.c +++ b/libvncserver/main.c @@ -1081,15 +1081,21 @@ void rfbInitServer(rfbScreenInfoPtr screen) void rfbShutdownServer(rfbScreenInfoPtr screen,rfbBool disconnectClients) { if(disconnectClients) { - rfbClientPtr cl; rfbClientIteratorPtr iter = rfbGetClientIterator(screen); - while( (cl = rfbClientIteratorNext(iter)) ) { - if (cl->sock > -1) { - /* we don't care about maxfd here, because the server goes away */ - rfbCloseClient(cl); - rfbClientConnectionGone(cl); + rfbClientPtr nextCl, currentCl = rfbClientIteratorNext(iter); + + while(currentCl) { + nextCl = rfbClientIteratorNext(iter); + if (currentCl->sock > -1) { + /* we don't care about maxfd here, because the server goes away */ + rfbCloseClient(currentCl); } + + rfbClientConnectionGone(currentCl); + + currentCl = nextCl; } + rfbReleaseClientIterator(iter); } |