From f01d51a5428afc1576acb60804494100b5d8d084 Mon Sep 17 00:00:00 2001
From: Minji Park <minjii.park@samsung.com>
Date: Thu, 17 Nov 2016 20:33:05 +0900
Subject: [PATCH] [IOT-1575] Fixed session delete function to resolve double
 free issue

- fix double free issue in tcpserver
  when disconnecting TCP session

Change-Id: Ica0b9f0976426d66309ef7304149eb54489b6b66
Signed-off-by: Hyuna Jo <hyuna0213.jo@samsung.com>
Signed-off-by: Minji Park <minjii.park@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/14495
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: jihwan seo <jihwan.seo@samsung.com>
Reviewed-by: Uze Choi <uzchoi@samsung.com>
Reviewed-by: Jaehong Jo <jaehong.jo@samsung.com>
Reviewed-by: Ashok Babu Channa <ashok.channa@samsung.com>
Signed-off-by: Minji Park <minjii.park@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/14775
Reviewed-by: Dan Mihai <Daniel.Mihai@microsoft.com>
---
 resource/csdk/connectivity/src/tcp_adapter/catcpserver.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/resource/csdk/connectivity/src/tcp_adapter/catcpserver.c b/resource/csdk/connectivity/src/tcp_adapter/catcpserver.c
index c2fe260..1ee5820 100644
--- a/resource/csdk/connectivity/src/tcp_adapter/catcpserver.c
+++ b/resource/csdk/connectivity/src/tcp_adapter/catcpserver.c
@@ -790,8 +790,8 @@ static void CAReceiveMessage(int fd)
             OIC_LOG(ERROR, TAG, "Failed to close TLS session");
         }
 #endif
-        CADisconnectTCPSession(svritem, index);
-        CACleanData(svritem);
+        CASearchAndDeleteTCPSession(&(svritem->sep.endpoint));
+        return;
     }
 }
 
@@ -1370,9 +1370,7 @@ CAResult_t CADisconnectTCPSession(CATCPSessionInfo_t *svritem, size_t index)
     OIC_LOG_V(DEBUG, TAG, "%s", __func__);
     VERIFY_NON_NULL(svritem, TAG, "svritem is NULL");
 
-    oc_mutex_lock(g_mutexObjectList);
-
-    // close the socket and remove TCP connection info in list
+    // close the socket and remove TCP connection info in list.
     if (svritem->fd >= 0)
     {
         shutdown(svritem->fd, SHUT_RDWR);
@@ -1391,8 +1389,6 @@ CAResult_t CADisconnectTCPSession(CATCPSessionInfo_t *svritem, size_t index)
     }
 
     OICFree(svritem);
-    oc_mutex_unlock(g_mutexObjectList);
-
     return CA_STATUS_OK;
 }
 
@@ -1483,6 +1479,8 @@ CATCPSessionInfo_t *CAGetSessionInfoFromFD(int fd, size_t *index)
 
 CAResult_t CASearchAndDeleteTCPSession(const CAEndpoint_t *endpoint)
 {
+    oc_mutex_lock(g_mutexObjectList);
+
     CAResult_t result = CA_STATUS_OK;
     size_t index = 0;
     CATCPSessionInfo_t *svritem = CAGetTCPSessionInfoFromEndpoint(endpoint, &index);
@@ -1495,6 +1493,7 @@ CAResult_t CASearchAndDeleteTCPSession(const CAEndpoint_t *endpoint)
         }
     }
 
+    oc_mutex_unlock(g_mutexObjectList);
     return result;
 }
 
-- 
2.7.4