@@ -38,6 +38,8 @@ Version 4.5.2 'dan Eider':
* Fix: Null pointer dereference on tcp_client_input_handler_rfc6062data function
- Fix Issue #600 (by ycaibb)
* Fix: use-after-free vulnerability on write_to_peerchannel function
+ - Fix Issue #601 (by ycaibb)
+ * Fix: use-after-free vulnerability on write_client_connection function
24/06/2020 Oleg Moskalenko <[email protected]> Mihály Mészáros <[email protected]>
Version 4.5.1.3 'dan Eider':
@@ -4293,7 +4293,7 @@ static int write_client_connection(turn_turnserver *server, ts_ur_super_session*
int skip = 0;
int ret = send_data_from_ioa_socket_nbh(ss->client_socket, NULL, nbh, ttl, tos, &skip);
- if(!skip) {
+ if(!skip && ret>-1) {
++(ss->sent_packets);
ss->sent_bytes += (uint32_t)ioa_network_buffer_get_size(nbh);
turn_report_session_usage(ss, 0);