From 4b5e4d628da6c368d611c66c5c7e95fcdb4866d3 Mon Sep 17 00:00:00 2001
From: Andri Yngvason
Date: Tue, 11 Apr 2023 20:32:37 +0000
Subject: [PATCH] stream-gnutls: Fix use after free
---
 src/stream-gnutls.c | 3 ++-
 src/stream-tcp.c | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/stream-gnutls.c b/src/stream-gnutls.c
index 27cd24e..bb66163 100644
--- a/src/stream-gnutls.c
+++ b/src/stream-gnutls.c
@@ -64,6 +64,7 @@ static void stream_gnutls_destroy(struct stream* self)
 {
 stream_close(self);
 aml_unref(self->handler);
+ free(self);
 }
 static int stream_gnutls__flush(struct stream* self)
@@ -253,7 +254,7 @@ int stream_upgrade_to_tls(struct stream* self, void* context)
 aml_unref(self->handler);
 self->handler = aml_handler_new(self->fd, stream_gnutls__on_event, self,
- free);
+ NULL);
 assert(self->handler);
 rc = aml_start(aml_get_default(), self->handler);
diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 9f2d2a5..03a3d9b 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -56,6 +56,7 @@ static void stream_tcp_destroy(struct stream* self)
 {
 stream_close(self);
 aml_unref(self->handler);
+ free(self);
 }
 static int stream_tcp__flush(struct stream* self)
@@ -267,7 +268,7 @@ struct stream* stream_new(int fd, stream_event_fn on_event, void* userdata)
 fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
- self->handler = aml_handler_new(fd, stream_tcp__on_event, self, free);
+ self->handler = aml_handler_new(fd, stream_tcp__on_event, self, NULL);
 if (!self->handler)
 goto failure;
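Review bot: In stream_gnutls_destroy (and identically in stream_tcp_destroy in src/stream-tcp.c), `free(self)` now runs immediately after `aml_unref(self->handler)`, while the handler still carries `self` as its userdata and nothing in the hunk shows that this was the last reference to it. If the event loop or a dispatch in progress still holds the handler, a later `stream_gnutls__on_event` call would be handed a freed pointer, so the new lifetime is only safe if `stream_close()` (not shown here) stops the handler first. I would state that precondition above the free, e.g. `/* stream_close() has stopped the handler, so no callback can run with self after this point */`, and confirm that destroy is never reached from inside the stream's own event callback while that callback goes on to use `self`.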
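Review bot: In stream_upgrade_to_tls the result of the changed `aml_handler_new(...)` call is checked only by `assert(self->handler);`, which compiles away under NDEBUG. By then the previous handler has already been released with `aml_unref`, so a failed allocation leaves `self->handler` NULL and passes it straight to `aml_start`. stream_new in src/stream-tcp.c guards the same call with `if (!self->handler) goto failure;`; an explicit check such as `if (!self->handler) return -1;` would match it, assuming -1 is this function's error return and that any TLS state set up earlier in the function (outside the hunk) is released on that path.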
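Review bot: With the cleanup callback in stream_new changed from `free` to `NULL`, dropping the handler no longer releases `self`, so every error path after this call has to free `self` itself. The `failure` label and the code that follows `aml_handler_new` are outside the hunk; if a later failure path relied on `aml_unref(self->handler)` to release the stream (for example by clearing `self` before reaching a shared `free(self)`), it now leaks the allocation. I would check that each such path ends in exactly one `free(self)` and record the ownership next to the call: `/* userdata is not owned by the handler; stream_tcp_destroy() frees self */`.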