From: Nick Mathewson Date: Sat, 13 Mar 2010 05:23:06 +0000 (-0500) Subject: Fix a possible double-free bug in SSL bufferevents with CLOSE_ON_FREE X-Git-Tag: release-2.0.5-beta~90 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=75018951ece71668b56ce688740a62f9d4db9277;p=libevent Fix a possible double-free bug in SSL bufferevents with CLOSE_ON_FREE With CLOSE_ON_FREE set, we were telling the BIO to free the bufferevent when it was closed, and also freeing it ourselves. --- diff --git a/bufferevent_openssl.c b/bufferevent_openssl.c index a5aee02d..86e674b9 100644 --- a/bufferevent_openssl.c +++ b/bufferevent_openssl.c @@ -1207,7 +1207,9 @@ bufferevent_openssl_filter_new(struct event_base *base, enum bufferevent_ssl_state state, int options) { - int close_flag = options & BEV_OPT_CLOSE_ON_FREE; + /* We don't tell the BIO to close the bufferevent; we do it ourselves + * on be_openssl_destruct */ + int close_flag = 0; /* options & BEV_OPT_CLOSE_ON_FREE; */ BIO *bio; if (!underlying) return NULL;
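Review bot: In bufferevent_openssl_filter_new, `close_flag` is now a constant 0 with the old expression kept as a trailing comment (`/* options & BEV_OPT_CLOSE_ON_FREE; */`). That reads like a temporary disable rather than a deliberate ownership decision. I would drop the commented-out expression so that the new block comment carries the explanation on its own. Since the value can no longer vary, I would also either declare it `const int close_flag = 0;` or remove the variable and pass 0 wherever it is used further down (the use is not visible in this hunk). The ownership rule depends entirely on be_openssl_destruct honouring BEV_OPT_CLOSE_ON_FREE for the underlying bufferevent, as the commit message and comment state, and that code is not part of this diff. A regression test that creates a filtering SSL bufferevent with BEV_OPT_CLOSE_ON_FREE and frees it, checking that the underlying bufferevent is released exactly once, would keep the double free from returning. It would also catch the opposite failure, a leak, if the destruct path changes later.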