server: Delay vss shutdown in command handler context.

The sender status subcommand invoked via ->handle_connect() accesses memory
that has been freed in vss_shutdown(), resulting in garbage output. This
use-after-free bug is correctly reported by valgrind. It can easily be fixed
by moving the vss_shutdown() call down.

Fixes: 018a7b7927b76044b28eece39039cb2f5ea9c192

diff --git a/server.c b/server.c
index 48ada73c02a2c925c8d48037ab096f5e1746add5..77064158af98e3b4a64d8bf8b3909a5513df5b43 100644 (file)
--- a/server.c
+++ b/server.c
@@ -668,13 +668,12 @@ int main(int argc, char *argv[])
                deplete_close_on_fork_list();
                if (ret < 0)
                        PARA_EMERG_LOG("%s\n", para_strerror(-ret));
-               vss_shutdown();
        } else {
-               vss_shutdown();
                alarm(ALARM_TIMEOUT);
                close_listed_fds();
                ret = handle_connect(sct->child_fd);
        }
+       vss_shutdown();
        shm_detach(mmd);
        user_list_deplete();
        free_lpr();