From 022ad63f0c8cbb17ba37ee4128eae30ebb873ce4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?=
Date: Sat, 26 Nov 2022 18:49:21 +0000
Subject: [PATCH] Fix use-after-free in mark_servers()
---
 src/domain-match.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/domain-match.c b/src/domain-match.c
index bef460a..fe8e25a 100644
--- a/src/domain-match.c
+++ b/src/domain-match.c
@@ -559,7 +559,7 @@ static int maybe_free_servers = 0;
 /* Must be called before add_update_server() to set daemon->servers_tail */
 void mark_servers(int flag)
 {
- struct server *serv, **up;
+ struct server *serv, *next, **up;
 maybe_free_servers = !!flag;
@@ -580,11 +580,13 @@ void mark_servers(int flag)
 1) numerous and 2) not reloaded often. We just delete and recreate. */
 if (flag)
- for (serv = daemon->local_domains, up = &daemon->local_domains; serv; serv = serv->next)
+ for (serv = daemon->local_domains, up = &daemon->local_domains; serv; serv = next)
 {
+ next = serv->next;
+
 if (serv->flags & flag)
 {
- *up = serv->next;
+ *up = next;
 free(serv->domain);
 free(serv);
 }
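Review bot: The second hunk's loop is only safe because `next` is read before the two `free()` calls, and nothing in the code records that ordering requirement. A one-line comment above `next = serv->next;`, for example `/* serv may be freed below, so take its successor before unlinking */`, would stop a later cleanup from moving the read back into the `for` header and reintroducing the read of freed memory. `next` is used only inside this loop, so it could be declared in the loop's block rather than at function scope in the first hunk, if the file's style permits. The loop body continues past the end of the hunk, so the branch that advances `up` for entries that are kept is not visible here and is assumed unchanged.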