From f603061e9482ad5caf1975ba5395b3294852d072 Mon Sep 17 00:00:00 2001
From: Tiago Vignatti <tiago.vignatti@nokia.com>
Date: Mon, 4 Apr 2011 21:40:06 +0300
Subject: os: fix use after free in EstablishNewConnections

In the case of failure on AllocNewConnection, new_trans_conn cannot be
dereferenced because it's already freed. Swapping the order of this logic fix
the changes introduced in 04956b80431169e0ae713a3e6ba4cdc157ce3a66.

Signed-off-by: Tiago Vignatti <tiago.vignatti@nokia.com>
CC: Jeremy Huddleston <jeremyhu@freedesktop.org>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
---
 os/connection.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'os')

diff --git a/os/connection.c b/os/connection.c
index 5580fabf9..0c580ab5e 100644
--- a/os/connection.c
+++ b/os/connection.c
@@ -852,15 +852,14 @@ EstablishNewConnections(ClientPtr clientUnused, pointer closure)
 
 	_XSERVTransSetOption(new_trans_conn, TRANS_NONBLOCKING, 1);
 
+	if(trans_conn->flags & TRANS_NOXAUTH)
+	    new_trans_conn->flags = new_trans_conn->flags | TRANS_NOXAUTH;
+
 	if (!AllocNewConnection (new_trans_conn, newconn, connect_time))
 	{
 	    ErrorConnMax(new_trans_conn);
 	    _XSERVTransClose(new_trans_conn);
 	}
-
-	if(trans_conn->flags & TRANS_NOXAUTH)
-	    new_trans_conn->flags = new_trans_conn->flags | TRANS_NOXAUTH;
-
       }
 #ifndef WIN32
     }
-- 
cgit v1.2.3