From 59a67a7541ee1559b140494c21a25b195246a4fa Mon Sep 17 00:00:00 2001 From: Xavier Del Campo Date: Mon, 20 Nov 2023 12:20:51 +0100 Subject: Fix double-free on failed server_client_close Even if server_client_close fails, it is needed for client_free to remove the dangling reference from h->clients. --- handler.c | 7 ++----- server.c | 1 - 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/handler.c b/handler.c index f6e47a3..ffd37dd 100644 --- a/handler.c +++ b/handler.c @@ -152,13 +152,13 @@ static void client_free(struct client *const c) static int remove_client_from_list(struct handler *const h, struct client *const c) { - int ret = -1; + int ret = 0; if (server_client_close(h->server, c->c)) { fprintf(stderr, "%s: server_client_close failed\n", __func__); - goto end; + ret = -1; } for (struct client *cl = h->clients, *prev = NULL; cl; @@ -175,9 +175,6 @@ static int remove_client_from_list(struct handler *const h, } } - ret = 0; - -end: client_free(c); return ret; } diff --git a/server.c b/server.c index 8cea044..3d6f370 100644 --- a/server.c +++ b/server.c @@ -59,7 +59,6 @@ int server_client_close(struct server *const s, struct server_client *const c) { fprintf(stderr, "%s: close(2): %s\n", __func__, strerror(errno)); - return -1; } else if (ref->prev) ref->prev->next = next; -- cgit v1.2.3
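Review bot: In handler.c, remove_client_from_list can now return -1 after it has already walked h->clients and called client_free(c), and nothing at the function states that contract. A caller that reads -1 as "nothing was released" and touches or frees `c` again would bring back the double-free this commit is meant to fix; the callers are not visible here, so they are worth checking. I would add above the signature `/* c is always freed, even when -1 is returned; it must not be used afterwards. */`. The function body runs past this hunk into the following one.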
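Review bot: In server.c, the close(2) failure branch of server_client_close no longer returns, but the unlink `else if (ref->prev) ref->prev->next = next;` still hangs off that same `if`, so it is skipped whenever close fails. If the code below the hunk goes on to release `ref` (not visible here), the server's list would keep a pointer to freed memory. Making the unlink independent of the close result avoids that: end the error branch with `}` and start the unlink with a plain `if (ref->prev)`, keeping whatever arm follows it. The hunk also does not show whether the failure is still reported through the return value, which the handler.c change relies on to log the error and return -1.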