The previous code essentially did:
for (…; …; ptr = ptr->next)
free (ptr);
The "ptr->next" is a use-after-free.
return (0);
} /* int email_init */
return (0);
} /* int email_init */
-static int email_shutdown (void)
+static void type_list_free (type_list_t *t)
+ type_t *this;
+
+ this = t->head;
+ while (this != NULL)
+ {
+ type_t *next = this->next;
+
+ sfree (this->name);
+ sfree (this);
+
+ this = next;
+ }
+ t->head = NULL;
+ t->tail = NULL;
+}
+
+static int email_shutdown (void)
+{
int i = 0;
if (connector != ((pthread_t) 0)) {
int i = 0;
if (connector != ((pthread_t) 0)) {
pthread_mutex_unlock (&conns_mutex);
pthread_mutex_unlock (&conns_mutex);
- for (ptr = list_count.head; NULL != ptr; ptr = ptr->next) {
- free (ptr->name);
- free (ptr);
- }
-
- for (ptr = list_count_copy.head; NULL != ptr; ptr = ptr->next) {
- free (ptr->name);
- free (ptr);
- }
-
- for (ptr = list_size.head; NULL != ptr; ptr = ptr->next) {
- free (ptr->name);
- free (ptr);
- }
-
- for (ptr = list_size_copy.head; NULL != ptr; ptr = ptr->next) {
- free (ptr->name);
- free (ptr);
- }
-
- for (ptr = list_check.head; NULL != ptr; ptr = ptr->next) {
- free (ptr->name);
- free (ptr);
- }
-
- for (ptr = list_check_copy.head; NULL != ptr; ptr = ptr->next) {
- free (ptr->name);
- free (ptr);
- }
+ type_list_free (&list_count);
+ type_list_free (&list_count_copy);
+ type_list_free (&list_size);
+ type_list_free (&list_size_copy);
+ type_list_free (&list_check);
+ type_list_free (&list_check_copy);
unlink ((NULL == sock_file) ? SOCK_PATH : sock_file);
unlink ((NULL == sock_file) ? SOCK_PATH : sock_file);
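Review bot: The six `type_list_free` calls in the second hunk run right after `pthread_mutex_unlock (&conns_mutex)`, and the visible lines show neither a lock covering the type lists nor any sign that the threads using them have already exited. If a thread can still walk or append to one of these lists at that point, the free races with it and leaves it holding a freed node, which is the same class of bug this commit fixes in the traversal. Either hold the lock that guards each list around its call, or state the invariant above the calls, e.g. `/* All threads that access the type lists have terminated; no locking needed. */`. The body of `email_shutdown` starts and ends outside the lines shown, so this may already be guaranteed there.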