search

openziti / ziti-sdk-c

A C-based sdk for delivering secure applications over a Ziti Network
https://docs.openziti.io/docs/reference/developer/sdk/ziti-sdk-c
Apache License 2.0
72 stars 14 forks source link

ziti_shutdown doesn't guard against NULL/incomplete intialized context #111

Closed dovholuknf closed 4 years ago

dovholuknf commented 4 years ago

I had a context which did not fully initialize due to failed to login: INVALID_AUTH[-12](The authentication request failed). When that context is passed to ziti_shutdown ztx->session is NULL and free_ziti_session(ztx->session); will cause a crash

ekoby commented 4 years ago

free_ziti_session calls model_free() (https://github.com/openziti/ziti-sdk-c/blob/master/library/model_support.c#L193) which guards against NULL pointer being passed