From 132ce797db44fc0b1fe5da9f40bc91e37e49ecb4 Mon Sep 17 00:00:00 2001
From: Michael Saxl
Date: Sat, 1 Jul 2023 22:17:20 +0200
Subject: [PATCH] [core,gateway,wst] fix use after free in wst_connect
---
 libfreerdp/core/gateway/wst.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/libfreerdp/core/gateway/wst.c b/libfreerdp/core/gateway/wst.c
index 3dc92eb46..59a364406 100644
--- a/libfreerdp/core/gateway/wst.c
+++ b/libfreerdp/core/gateway/wst.c
@@ -364,6 +364,7 @@ static BOOL wst_handle_ok_or_forbidden(rdpWst* wst, HttpResponse** ppresponse, D
 WLog_DBG(TAG, "Got Affinity cookie %s", affinity);
 http_context_set_cookie(wst->http, "ARRAffinity", affinity);
 http_response_free(*ppresponse);
+ *ppresponse = NULL;
 /* Terminate this connection and make a new one with the Loadbalancing Cookie */
 int fd = BIO_get_fd(wst->tls->bio, NULL);
 if (fd >= 0)
@@ -483,14 +484,14 @@ BOOL wst_connect(rdpWst* wst, DWORD timeout)
 default:
 break;
 }
+
+ const BOOL isWebsocket = http_response_is_websocket(wst->http, response);
 http_response_free(response);
 if (!success)
 return FALSE;
- if (StatusCode == HTTP_STATUS_SWITCH_PROTOCOLS)
+ if (isWebsocket)
 {
- if (!http_response_is_websocket(wst->http, response))
- return FALSE;
 wst->wscontext.state = WebsocketStateOpcodeAndFin;
 wst->wscontext.responseStreamBuffer = NULL;
 return TRUE;
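Review bot: The ownership rule behind `*ppresponse = NULL;` in wst_handle_ok_or_forbidden is not documented: on the affinity-cookie path the callee frees the caller's response, and the caller is then expected to cope with a NULL pointer. A comment next to the assignment would make that contract explicit, e.g. `/* freed above: clear the caller's pointer so it is neither read nor freed again */`. The function's body starts and ends outside the hunk, so it cannot be confirmed from here whether a later statement stores a fresh response into `*ppresponse` or whether other paths that free it clear it the same way.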
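Review bot: In wst_connect, `http_response_is_websocket(wst->http, response)` now runs for every status code and before the `success` check, so it can be handed a NULL `response` (presumably the pointer the first hunk clears, if wst_connect passes `&response`). That is safe only if the helper rejects NULL and checks for a 101 status itself, and neither is visible here. The explicit `return FALSE` on a failed websocket validation is also gone, so that case now falls through to whatever follows the `if (isWebsocket)` block outside the hunk. Keeping the status guard in the new expression would preserve the old intent: `const BOOL isWebsocket = (StatusCode == HTTP_STATUS_SWITCH_PROTOCOLS) && http_response_is_websocket(wst->http, response);`. wst_connect's body starts and ends outside the hunk.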