[PATCH 4/5] os: fix use after free in EstablishNewConnections
Tiago Vignatti
tiago.vignatti at nokia.com
Mon Apr 4 10:54:34 PDT 2011
In the case of failure on AllocNewConnection, new_trans_conn cannot be
dereferenced because it's already freed. Swapping the order of this logic fixes
the changes introduced in 04956b80431169e0ae713a3e6ba4cdc157ce3a66.
Signed-off-by: Tiago Vignatti <tiago.vignatti at nokia.com>
CC: Jeremy Huddleston <jeremyhu at freedesktop.org>
---
os/connection.c | 7 +++----
1 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/os/connection.c b/os/connection.c
index 5580fab..0c580ab 100644
--- a/os/connection.c
+++ b/os/connection.c
@@ -852,15 +852,14 @@ EstablishNewConnections(ClientPtr clientUnused, pointer closure)
_XSERVTransSetOption(new_trans_conn, TRANS_NONBLOCKING, 1);
+ if(trans_conn->flags & TRANS_NOXAUTH)
+ new_trans_conn->flags = new_trans_conn->flags | TRANS_NOXAUTH;
+
if (!AllocNewConnection (new_trans_conn, newconn, connect_time))
{
ErrorConnMax(new_trans_conn);
_XSERVTransClose(new_trans_conn);
}
-
- if(trans_conn->flags & TRANS_NOXAUTH)
- new_trans_conn->flags = new_trans_conn->flags | TRANS_NOXAUTH;
-
}
#ifndef WIN32
}
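Review bot: The failure branch of the AllocNewConnection check still leaves new_trans_conn dangling once _XSERVTransClose(new_trans_conn) returns, and nothing in the hunk stops a later change from adding another dereference below that block, which is how the original bug appeared. Consider setting new_trans_conn to NULL right after the close, or adding a short comment in that branch saying the pointer must not be used past it. Since TRANS_NOXAUTH is now set before AllocNewConnection runs rather than after, the commit message could also say whether that call is expected to see the flag. As a style point, the moved lines could read "if (trans_conn->flags & TRANS_NOXAUTH)" and "new_trans_conn->flags |= TRANS_NOXAUTH;" to match the spacing of the adjacent "if (!AllocNewConnection ..." line.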
--
1.7.0.4