Avoid double-free in daemon client cleanup code

ChangeLog

@@ -1,3 +1,8 @@
+Fri May 29 15:34:30 BST 2009 Daniel P. Berrange <berrange@redhat.com>
+
+	* qemud/qemud.c: Set free'd variables to NULL to avoid potential
+	double-free() scenario when client unexpectedly closes connection
+
 Fri May 29 15:26:30 BST 2009 Daniel P. Berrange <berrange@redhat.com>
 
 	Win32 portability fixes

qemud/qemud.c

@@ -1378,7 +1378,10 @@ static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket
  * jobs have finished, then clean it up elsehwere
  */
 void qemudDispatchClientFailure(struct qemud_client *client) {
-    virEventRemoveHandleImpl(client->watch);
+    if (client->watch != -1) {
+        virEventRemoveHandleImpl(client->watch);
+        client->watch = -1;
+    }
 
     /* Deregister event delivery callback */
     if(client->conn) {
@@ -1387,12 +1390,21 @@ void qemudDispatchClientFailure(struct qemud_client *client) {
     }
 
 #if HAVE_SASL
-    if (client->saslconn) sasl_dispose(&client->saslconn);
+    if (client->saslconn) {
+        sasl_dispose(&client->saslconn);
+        client->saslconn = NULL;
+    }
     free(client->saslUsername);
+    client->saslUsername = NULL;
 #endif
-    if (client->tlssession) gnutls_deinit (client->tlssession);
-    close(client->fd);
-    client->fd = -1;
+    if (client->tlssession) {
+        gnutls_deinit (client->tlssession);
+        client->tlssession = NULL;
+    }
+    if (client->fd != -1) {
+        close(client->fd);
+        client->fd = -1;
+    }
 }