os: fix use after free in EstablishNewConnections

In the case of failure on AllocNewConnection, new_trans_conn cannot be dereferenced because it's already freed. Swapping the order of this logic fix the changes introduced in 04956b80431169e0ae713a3e6ba4cdc157ce3a66. Signed-off-by: Tiago Vignatti <tiago.vignatti@nokia.com> CC: Jeremy Huddleston <jeremyhu@freedesktop.org> Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
author: Tiago Vignatti <tiago.vignatti@nokia.com> 2011-04-04 21:40:06 +0300
committer: Tiago Vignatti <tiago.vignatti@nokia.com> 2011-04-07 19:57:38 +0300
commit: f603061e9482ad5caf1975ba5395b3294852d072 (patch)
tree: 516a8916b692ac2ff67b2c0a5408c486058263a6
parent: 82498e3c2cce6f515063ecb4b6ae9303e828da00 (diff)
1 files changed, 3 insertions, 4 deletions
diff --git a/os/connection.c b/os/connection.c
index 5580fabf9..0c580ab5e 100644
--- a/os/connection.c
+++ b/os/connection.c
@@ -852,15 +852,14 @@ EstablishNewConnections(ClientPtr clientUnused, pointer closure)
 
 	_XSERVTransSetOption(new_trans_conn, TRANS_NONBLOCKING, 1);
 
+	if(trans_conn->flags & TRANS_NOXAUTH)
+	    new_trans_conn->flags = new_trans_conn->flags | TRANS_NOXAUTH;
+
 	if (!AllocNewConnection (new_trans_conn, newconn, connect_time))
 	{
 	    ErrorConnMax(new_trans_conn);
 	    _XSERVTransClose(new_trans_conn);
 	}
-
-	if(trans_conn->flags & TRANS_NOXAUTH)
-	    new_trans_conn->flags = new_trans_conn->flags | TRANS_NOXAUTH;
-
       }
 #ifndef WIN32
     }
author	Tiago Vignatti <tiago.vignatti@nokia.com>	2011-04-04 21:40:06 +0300
committer	Tiago Vignatti <tiago.vignatti@nokia.com>	2011-04-07 19:57:38 +0300
commit	f603061e9482ad5caf1975ba5395b3294852d072 (patch)
tree	516a8916b692ac2ff67b2c0a5408c486058263a6
parent	82498e3c2cce6f515063ecb4b6ae9303e828da00 (diff)