From db36f6a78b1ab723bbdd3043318c8cc073f07abf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbuehler@web.de>
Date: Sun, 26 May 2013 15:46:36 +0200
Subject: [PATCH] [mod_cache_disk_etag] fix use after free

---
 src/modules/mod_cache_disk_etag.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/modules/mod_cache_disk_etag.c b/src/modules/mod_cache_disk_etag.c
index 3f771f7..13ad09e 100644
--- a/src/modules/mod_cache_disk_etag.c
+++ b/src/modules/mod_cache_disk_etag.c
@@ -106,9 +106,18 @@ static void cache_etag_file_free(cache_etag_file *cfile) {
 		close(cfile->fd);
 		unlink(cfile->tmpfilename->str);
 	}
-	if (cfile->hit_fd != -1) close(cfile->hit_fd);
-	if (cfile->filename) g_string_free(cfile->filename, TRUE);
-	if (cfile->tmpfilename) g_string_free(cfile->tmpfilename, TRUE);
+	if (cfile->hit_fd != -1) {
+		close(cfile->hit_fd);
+		cfile->hit_fd = -1;
+	}
+	if (cfile->filename) {
+		g_string_free(cfile->filename, TRUE);
+		cfile->filename = NULL;
+	}
+	if (cfile->tmpfilename) {
+		g_string_free(cfile->tmpfilename, TRUE);
+		cfile->tmpfilename = NULL;
+	}
 	g_slice_free(cache_etag_file, cfile);
 }
 
@@ -197,8 +206,8 @@ static liHandlerResult cache_etag_filter_miss(liVRequest *vr, liFilter *f) {
 
 	if (0 == f->in->length && f->in->is_closed) {
 		f->out->is_closed = TRUE;
-		cache_etag_file_finish(vr, cfile);
 		f->param = NULL;
+		cache_etag_file_finish(vr, cfile);
 		return LI_HANDLER_GO_ON;
 	}
 
@@ -308,6 +317,7 @@ static liHandlerResult cache_etag_handle(liVRequest *vr, gpointer param, gpointe
 
 	if (!cache_etag_file_start(vr, cfile)) {
 		cache_etag_file_free(cfile);
+		*context = NULL;
 		return LI_HANDLER_GO_ON; /* no caching */
 	}