From 3b6ea5a9e5cdc2d40f2761b1cdef2fa99d0c1daa Mon Sep 17 00:00:00 2001
From: dmiller
Date: Tue, 21 Oct 2014 05:50:36 +0000
Subject: [PATCH] Fix Ncat crash on concurrent ssl connections Reported on debian bugtracker here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724580 We can't remove an fdinfo from client_fdlist and still expect to access the fdinfo via a pointer we got from get_fdinfo(&client_fdlist) since rm_fd() modifies the data at the address pointed to. So instead of removing it from the list and then adding it right back, we just don't remove it in the first place.
---
 ncat/ncat_listen.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ncat/ncat_listen.c b/ncat/ncat_listen.c
index ba4063de6..41c1be480 100644
--- a/ncat/ncat_listen.c
+++ b/ncat/ncat_listen.c
@@ -354,7 +354,6 @@ static int ncat_listen_stream(int proto)
 case NCAT_SSL_HANDSHAKE_COMPLETED:
 /* Clear from sslpending_fds once ssl is established */
 FD_CLR(i, &sslpending_fds);
- rm_fd(&client_fdlist, i);
 post_handle_connection(*fdi);
 break;
 case NCAT_SSL_HANDSHAKE_PENDING_WRITE:
@@ -529,6 +528,10 @@ static void post_handle_connection(struct fdinfo sinfo)
 /* add to our lists */
 FD_SET(sinfo.fd, &master_readfds);
 /* add it to our list of fds for maintaining maxfd */
+#ifdef HAVE_OPENSSL
+ /* Don't add it twice (see handle_connection above) */
+ if (!o.ssl)
+#endif
 if (add_fdinfo(&client_fdlist, &sinfo) < 0)
 bye("add_fdinfo() failed.");
 }
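Review bot: The added `if (!o.ssl)` in the second hunk is an unbraced `if` that exists only when HAVE_OPENSSL is defined, so the `if (add_fdinfo(&client_fdlist, &sinfo) < 0)` after `#endif` is its body in one build and a free-standing statement in the other. A later statement or `else` added there would change control flow per configuration. I would make the nesting explicit in both builds by putting `{` right after `#endif` and `}` after the unchanged `bye("add_fdinfo() failed.");` line. The guard also tests the global option rather than whether this descriptor is already in `client_fdlist`, so it appears to hold only while every caller running with `o.ssl` set has added the fd beforehand. The comment should state that invariant, for example `/* When o.ssl is set the fd was already added before the handshake (see handle_connection); adding it again would duplicate the entry */`. The body of post_handle_connection starts outside the hunk, so its other callers could not be checked from here.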