~kevin8t8/mutt: Fix crash when polling a closed ssl connection.

edf5699c189bf8da642297fe327e19a6c7674091 — Kevin McCarthy 6 months ago 8914a1b

Fix crash when polling a closed ssl connection.

Commit 8353407c enabled checking for buffered OpenSSL/GnuTLS data when
polling, but neglected to check if the connection was already closed.

This can be triggered during imap_logout() if the connection write of
"LOGOUT" fails and closes the connection, before the poll.  It's a bit
tricky to trigger because imap_logout_all() checks for a closed
connection, so the failure needs to take place at that last write.

Thanks to Stefan Sperling for pointing out the problem, complete with
a backtrace and patch.  (This commit takes a different approach for a
stable-branch fix.)

patch browse

2 files changed, 6 insertions(+), 0 deletions(-)

M mutt_ssl.c
M mutt_ssl_gnutls.c

M mutt_ssl.c => mutt_ssl.c +3 -0

@@ 465,6 465,9 @@ static int ssl_socket_poll (CONNECTION* conn, time_t wait_secs)
 {
   sslsockdata *data = conn->sockdata;
 
+  if (!data)
+    return -1;
+
   if (SSL_has_pending (data->ssl))
     return 1;
   else

M mutt_ssl_gnutls.c => mutt_ssl_gnutls.c +3 -0

@@ 193,6 193,9 @@ static int tls_socket_poll (CONNECTION* conn, time_t wait_secs)
 {
   tlssockdata *data = conn->sockdata;
 
+  if (!data)
+    return -1;
+
   if (gnutls_record_check_pending (data->state))
     return 1;
   else