From ca6594fa588ef9cabeb12f7e00eecb19d1665440 Mon Sep 17 00:00:00 2001
From: Andre Noll
Date: Mon, 9 Jun 2025 21:23:59 +0200
Subject: [PATCH] server: Delay vss shutdown in command handler context.

The sender status subcommand invoked via ->handle_connect() accesses memory that has been freed in vss_shutdown(), resulting in garbage output. This use-after-free bug is correctly reported by valgrind. It can easily be fixed by moving the vss_shutdown() call down.

Fixes: 018a7b7927b76044b28eece39039cb2f5ea9c192
---
 server.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/server.c b/server.c
index 48ada73c..77064158 100644
--- a/server.c
+++ b/server.c
@@ -668,13 +668,12 @@ int main(int argc, char *argv[])
 deplete_close_on_fork_list();
 if (ret < 0)
 PARA_EMERG_LOG("%s\n", para_strerror(-ret));
- vss_shutdown();
 } else {
- vss_shutdown();
 alarm(ALARM_TIMEOUT);
 close_listed_fds();
 ret = handle_connect(sct->child_fd);
 }
+ vss_shutdown();
 shm_detach(mmd);
 user_list_deplete();
 free_lpr();
-- 
2.39.5
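Review bot: The relocated `vss_shutdown();` call after the if/else has no comment saying why it must stay below `handle_connect(sct->child_fd)`, so the ordering that fixes the use-after-free is easy to undo in a later cleanup. I would add above it something like `/* Must run after handle_connect(): the sender status subcommand still reads state that vss_shutdown() frees. */`. The commit message says valgrind reported the defect, so running the sender status subcommand under valgrind or ASan in the test suite would guard against a regression; whether such a run already exists is not visible here. main() begins and ends outside the hunk, so the rest of the teardown order (`shm_detach`, `user_list_deplete`, `free_lpr`) cannot be checked against what the command handler touches from this view.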