From 868e336f8337e14e0288ac1d3c9fd89bee6d1961 Mon Sep 17 00:00:00 2001 From: Martin Szulecki Date: Sun, 17 Nov 2013 02:40:48 +0100 Subject: Fix possible memory corruption by ensuring client pointers NULL'd after free --- src/idevice.c | 2 ++ src/lockdown.c | 1 + src/property_list_service.c | 3 +++ src/service.c | 3 +++ 4 files changed, 9 insertions(+) diff --git a/src/idevice.c b/src/idevice.c index 3ed2e9f..428f359 100644 --- a/src/idevice.c +++ b/src/idevice.c @@ -267,6 +267,7 @@ idevice_error_t idevice_disconnect(idevice_connection_t connection) idevice_error_t result = IDEVICE_E_UNKNOWN_ERROR; if (connection->type == CONNECTION_USBMUXD) { usbmuxd_disconnect((int)(long)connection->data); + connection->data = NULL; result = IDEVICE_E_SUCCESS; } else { debug_info("Unknown connection type %d", connection->type); @@ -276,6 +277,7 @@ idevice_error_t idevice_disconnect(idevice_connection_t connection) free(connection->udid); free(connection); + connection = NULL; return result; } diff --git a/src/lockdown.c b/src/lockdown.c index c2e3654..60fbf0c 100644 --- a/src/lockdown.c +++ b/src/lockdown.c @@ -241,6 +241,7 @@ static lockdownd_error_t lockdownd_client_free_simple(lockdownd_client_t client) } free(client); + client = NULL; return ret; } diff --git a/src/property_list_service.c b/src/property_list_service.c index b8d4b93..3f2e6c3 100644 --- a/src/property_list_service.c +++ b/src/property_list_service.c @@ -101,7 +101,10 @@ property_list_service_error_t property_list_service_client_free(property_list_se return PROPERTY_LIST_SERVICE_E_INVALID_ARG; property_list_service_error_t err = service_to_property_list_service_error(service_client_free(client->parent)); + free(client); + client = NULL; + return err; } diff --git a/src/service.c b/src/service.c index 5bc7aea..e8444b8 100644 --- a/src/service.c +++ b/src/service.c 
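Review bot: In the first idevice.c hunk, the added `connection->data = NULL;` does not leave a recognisable "disconnected" marker. The preceding line reads the field as a descriptor via `(int)(long)connection->data`, so NULL converts back to 0, which is a valid descriptor number. The second hunk of the same function frees `connection` before returning, so the store is only observable if something in the two lines between the hunks reads it, and those lines are not shown. If a sentinel is intended, `connection->data = (void*)(long)-1;` would express it; otherwise a comment such as `/* data carries the usbmuxd socket fd, not an allocation */` would stop readers treating the field as a freed pointer.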
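Review bot: In the second idevice.c hunk, `connection = NULL;` after `free(connection);` clears only the function's own copy of the handle. `idevice_connection_t connection` is passed by value (it is dereferenced with `->` and handed to `free()`), so the caller's pointer still dangles and a second idevice_disconnect() on it would still be a double free. The same dead store is added as `client = NULL;` in lockdownd_client_free_simple, property_list_service_client_free and service_client_free, and an optimising compiler may drop all four. The protection named in the commit subject requires clearing the caller's variable, which these signatures cannot do. Short of changing them, state the contract on each free function, e.g. `/* The handle is invalid after this call; callers must set their own copy to NULL. */`; the function bodies begin outside these hunks.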
@@ -157,7 +157,10 @@ service_error_t service_client_free(service_client_t client) return SERVICE_E_INVALID_ARG; service_error_t err = idevice_to_service_error(idevice_disconnect(client->connection)); + free(client); + client = NULL; + return err; } -- cgit v1.1-32-gdbae