mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix race condition in freerdp_channels_client_load

Browse Source 
If g_pInterface is set to NULL outside the critical section in one thread
while another thread is in the critical section, the channel client context
allocated in the VirtualChannelEntry won't end up getting freed.

The channel client context is normally loaded from g_pInterface in
FreeRDP_VirtualChannelInit and stored in the pChannelInitData, then copied
from there onto the pChannelOpenData structure in FreeRDP_VirtualChannelOpen
and finally freed in freerdp_channels_free.
This commit is contained in:
Clive Stevens 2015-07-29 14:08:31 +01:00
parent dfa29804ad
commit 99228ee254
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libfreerdp/core/client.c
View File

@ -720,7 +720,6 @@ int freerdp_channels_client_load(rdpChannels* channels, rdpSettings* settings, P
EntryPoints.pVirtualChannelClose = FreeRDP_VirtualChannelClose; EntryPoints.pVirtualChannelClose = FreeRDP_VirtualChannelClose;
EntryPoints.pVirtualChannelWrite = FreeRDP_VirtualChannelWrite; EntryPoints.pVirtualChannelWrite = FreeRDP_VirtualChannelWrite;
g_pInterface = NULL;
EntryPoints.MagicNumber = FREERDP_CHANNEL_MAGIC_NUMBER; EntryPoints.MagicNumber = FREERDP_CHANNEL_MAGIC_NUMBER;
EntryPoints.ppInterface = &g_pInterface; EntryPoints.ppInterface = &g_pInterface;
EntryPoints.pExtendedData = data; EntryPoints.pExtendedData = data;
@ -731,6 +730,7 @@ int freerdp_channels_client_load(rdpChannels* channels, rdpSettings* settings, P
EnterCriticalSection(&g_channels_lock); EnterCriticalSection(&g_channels_lock);
g_pInterface = NULL;
g_ChannelInitData.channels = channels; g_ChannelInitData.channels = channels;
status = pChannelClientData->entry((PCHANNEL_ENTRY_POINTS) &EntryPoints); status = pChannelClientData->entry((PCHANNEL_ENTRY_POINTS) &EntryPoints);