[daap] Fix for use-after-free

Present in 28.7 and 28.8. Closes #1659.

Credit X-Ryl669.
This commit is contained in:
ejurgensen 2023-09-30 23:06:09 +02:00
parent 4662cd4cce
commit 8528073003
2 changed files with 6 additions and 5 deletions

View File

@ -2264,8 +2264,6 @@ daap_request(struct httpd_request *hreq)
ret = hreq->handler(hreq); ret = hreq->handler(hreq);
daap_reply_send(hreq, ret);
clock_gettime(CLOCK_MONOTONIC, &end); clock_gettime(CLOCK_MONOTONIC, &end);
msec = (end.tv_sec * 1000 + end.tv_nsec / 1000000) - (start.tv_sec * 1000 + start.tv_nsec / 1000000); msec = (end.tv_sec * 1000 + end.tv_nsec / 1000000) - (start.tv_sec * 1000 + start.tv_nsec / 1000000);
@ -2273,6 +2271,8 @@ daap_request(struct httpd_request *hreq)
if (ret == DAAP_REPLY_OK && msec > cache_daap_threshold() && hreq->user_agent) if (ret == DAAP_REPLY_OK && msec > cache_daap_threshold() && hreq->user_agent)
cache_daap_add(hreq->uri, hreq->user_agent, ((struct daap_session *)hreq->extra_data)->is_remote, msec); cache_daap_add(hreq->uri, hreq->user_agent, ((struct daap_session *)hreq->extra_data)->is_remote, msec);
daap_reply_send(hreq, ret); // hreq is deallocted
} }
int int

View File

@ -224,7 +224,8 @@ httpd_response_not_cachable(struct httpd_request *hreq);
* may direct it not to. It will set CORS headers as appropriate. Should be * may direct it not to. It will set CORS headers as appropriate. Should be
* thread safe. * thread safe.
* *
* @in req The http request struct * @in hreq The http request struct. NOTE: is automatically deallocated if
* this is the final reply.
* @in code HTTP code, e.g. 200 * @in code HTTP code, e.g. 200
* @in reason A brief explanation of the error - if NULL the standard meaning * @in reason A brief explanation of the error - if NULL the standard meaning
of the error code will be used of the error code will be used
@ -248,7 +249,8 @@ httpd_send_reply_end(struct httpd_request *hreq);
* which is not possible with evhttp_send_error, because it clears the headers. * which is not possible with evhttp_send_error, because it clears the headers.
* Should be thread safe. * Should be thread safe.
* *
* @in req The http request struct * @in hreq The http request struct. NOTE: is automatically deallocated if
* this is the final reply.
* @in error HTTP code, e.g. 200 * @in error HTTP code, e.g. 200
* @in reason A brief explanation of the error - if NULL the standard meaning * @in reason A brief explanation of the error - if NULL the standard meaning
of the error code will be used of the error code will be used
@ -256,7 +258,6 @@ httpd_send_reply_end(struct httpd_request *hreq);
void void
httpd_send_error(struct httpd_request *hreq, int error, const char *reason); httpd_send_error(struct httpd_request *hreq, int error, const char *reason);
void void
httpd_redirect_to(struct httpd_request *hreq, const char *path); httpd_redirect_to(struct httpd_request *hreq, const char *path);