[lib] Do not call vty_close in vty_log_out to avoid possible free memory access

2006-07-10 Andrew J. Schorr <ajschorr@alumni.princeton.edu>

	* vty.c: (vty_log_out) Do not call vty_close, because this could
	  result in a parent function's accessing the freed memory.
	  Instead, set status VTY_CLOSE and call shutdown(vty->fd, SHUT_RDWR).
	  And add a comment on vty_close.

lib/ChangeLog

@@ -1,3 +1,10 @@
+2006-07-10 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
+
+	* vty.c: (vty_log_out) Do not call vty_close, because this could
+	  result in a parent function's accessing the freed memory.
+	  Instead, set status VTY_CLOSE and call shutdown(vty->fd, SHUT_RDWR).
+	  And add a comment on vty_close.
+
 2006-07-10 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
 
 	* vty.c: (vty_log_out, vty_read, vty_flush, vtysh_flush, vtysh_read)

lib/vty.c

@@ -186,7 +186,10 @@ vty_log_out (struct vty *vty, const char *level, const char *proto_str,
       zlog_warn("%s: write failed to vty client fd %d, closing: %s",
 		__func__, vty->fd, safe_strerror(errno));
       buffer_reset(vty->obuf);
-      vty_close(vty);
+      /* cannot call vty_close, because a parent routine may still try
+         to access the vty struct */
+      vty->status = VTY_CLOSE;
+      shutdown(vty->fd, SHUT_RDWR);
       return -1;
     }
   return 0;
@@ -2141,7 +2144,10 @@ vty_serv_sock (const char *addr, unsigned short port, const char *path)
 #endif /* VTYSH */
 }
 
-/* Close vty interface. */
+/* Close vty interface.  Warning: call this only from functions that
+   will be careful not to access the vty afterwards (since it has
+   now been freed).  This is safest from top-level functions (called
+   directly by the thread dispatcher). */
 void
 vty_close (struct vty *vty)
 {