From 74a66f6651915ec7247f7e534ff49b0164b2c9c9 Mon Sep 17 00:00:00 2001 From: kubistika Date: Tue, 11 Jun 2019 18:54:10 +0300 Subject: [PATCH] server/proxy: set ps->thread to NULL on disconnect freerdp_abort_connect calls the proxy's client stop function, that closes the thread handle. if it already closed by the server, a segfault will occur because CloseHandle will try to access free()'ed memory. --- server/proxy/pf_server.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/server/proxy/pf_server.c b/server/proxy/pf_server.c index 98e2ba1c4..6894e1530 100644 --- a/server/proxy/pf_server.c +++ b/server/proxy/pf_server.c @@ -55,13 +55,10 @@ static void pf_server_handle_client_disconnection(freerdp_peer* client) { - pServerContext* ps; - proxyData* pdata; - rdpContext* pc; - ps = (pServerContext*)client->context; - pc = (rdpContext*) ps->pdata->pc; - pdata = ps->pdata; - WLog_INFO(TAG, "Client %s disconnected; closing proxy's client <> target server connection %s", + pServerContext* ps = (pServerContext*)client->context; + rdpContext* pc = (rdpContext*) ps->pdata->pc; + proxyData* pdata = ps->pdata; + WLog_INFO(TAG, "Connection with %s was closed; closing proxy's client <> target server connection %s", client->hostname, pc->settings->ServerHostname); /* Mark connection closed for sContext */ SetEvent(pdata->connectionClosed); @@ -70,6 +67,7 @@ static void pf_server_handle_client_disconnection(freerdp_peer* client) WLog_DBG(TAG, "Waiting for proxy's client thread to finish"); WaitForSingleObject(ps->thread, INFINITE); CloseHandle(ps->thread); + ps->thread = NULL; } static BOOL pf_server_parse_target_from_routing_token(rdpContext* context,