Fixes #601

ChangeLog

@@ -38,6 +38,8 @@ Version 4.5.2 'dan Eider':
 		* Fix: Null pointer dereference on tcp_client_input_handler_rfc6062data function
 	- Fix Issue #600 (by ycaibb)
 		* Fix: use-after-free vulnerability on write_to_peerchannel function
+	- Fix Issue #601 (by ycaibb)
+		* Fix: use-after-free vulnerability on write_client_connection function
 
 24/06/2020 Oleg Moskalenko <[email protected]> Mihály Mészáros <[email protected]>
 Version 4.5.1.3 'dan Eider':

src/server/ns_turn_server.c

@@ -4293,7 +4293,7 @@ static int write_client_connection(turn_turnserver *server, ts_ur_super_session*
 		int skip = 0;
 		int ret = send_data_from_ioa_socket_nbh(ss->client_socket, NULL, nbh, ttl, tos, &skip);
 
-		if(!skip) {
+		if(!skip && ret>-1) {
 			++(ss->sent_packets);
 			ss->sent_bytes += (uint32_t)ioa_network_buffer_get_size(nbh);
 			turn_report_session_usage(ss, 0);