Fri Jun 4 10:54:04 2010 Jan Just Keijser * pptp_ctrl.c: check for failure return by pptp_send_ctrl_packet and avoid using freed struct conn.
--- pptp_ctrl.c 2010-06-15 15:05:46.743913798 +0100
+++ pptp_ctrl.c 2010-06-15 14:32:00.480100647 +0100
@@ -396,9 +400,10 @@
 /* don't check state against WAIT_DISCONNECT... allow multiple disconnect
 * requests to be made. */
- pptp_send_ctrl_packet(conn, &rqst, sizeof(rqst));
- pptp_reset_timer();
- call->state.pns = PNS_WAIT_DISCONNECT;
+ if (pptp_send_ctrl_packet(conn, &rqst, sizeof(rqst))) {
+ pptp_reset_timer();
+ call->state.pns = PNS_WAIT_DISCONNECT;
+ }
 /* call structure will be freed when we have confirmation of disconnect. */
 }
@@ -431,9 +436,10 @@
 pptp_call_close(conn, vector_get_Nth(conn->call, i));
 /* now close connection */
 log("Closing PPTP connection");
- pptp_send_ctrl_packet(conn, &rqst, sizeof(rqst));
- pptp_reset_timer(); /* wait 60 seconds for reply */
- conn->conn_state = CONN_WAIT_STOP_REPLY;
+ if (pptp_send_ctrl_packet(conn, &rqst, sizeof(rqst))) {
+ pptp_reset_timer(); /* wait 60 seconds for reply */
+ conn->conn_state = CONN_WAIT_STOP_REPLY;
+ }
 return;
 }
@@ -733,8 +739,8 @@
 reply.version = packet->version;
 /* protocol version not supported */
 reply.result_code = hton8(5);
- pptp_send_ctrl_packet(conn, &reply, sizeof(reply));
- pptp_reset_timer(); /* give sender a chance for a retry */
+ if (pptp_send_ctrl_packet(conn, &reply, sizeof(reply)))
+ pptp_reset_timer(); /* give sender a chance for a retry */
 } else { /* same or greater version */
 if (pptp_send_ctrl_packet(conn, &reply, sizeof(reply))) {
 conn->conn_state = CONN_ESTABLISHED;
@@ -841,8 +847,8 @@
 hton8(1), hton8(PPTP_GENERAL_ERROR_NONE), 0 };
 logecho( PPTP_ECHO_RQST);
- pptp_send_ctrl_packet(conn, &reply, sizeof(reply));
- pptp_reset_timer();
+ if (pptp_send_ctrl_packet(conn, &reply, sizeof(reply)))
+ pptp_reset_timer();
 break;
 }
 /* ----------- OUTGOING CALL MESSAGES ------------ */
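Review bot: The comment `/* call structure will be freed when we have confirmation of disconnect. */` now sits after the new if-block and so reads as if it applied to the failure path too, where no disconnect request went out and no confirmation will ever arrive. Moving it inside the braces, after `call->state.pns = PNS_WAIT_DISCONNECT;`, keeps the statement true, and the failure path deserves at least a `log()` so a dropped disconnect is visible rather than silent. Per the commit message a failed send may already have destroyed `conn`, so any such log must not dereference `conn` or `call`. pptp_call_close's body starts outside the hunk.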
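Review bot: The new guard protects only the stop-request send, but the `pptp_call_close(conn, vector_get_Nth(conn->call, i))` loop just above goes through the same send path and, per the commit message, a failure there can leave `conn` freed before `log("Closing PPTP connection")` and the guarded `pptp_send_ctrl_packet(conn, ...)` are reached. pptp_call_close appears to be called as a statement with its result ignored; if it has no way to report that the connection is gone, it should return a status so this function can stop iterating and return early instead of touching `conn` again. The loop header and the start of pptp_conn_close are outside the hunk.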
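Review bot: The added `if (pptp_send_ctrl_packet(...))` here and in the echo-request hunk at @@ -841 leave the single-statement body unbraced, while the other hunks in this commit brace theirs; bracing all of them is cheaper than the dangling-statement slip unbraced bodies invite, e.g. `if (pptp_send_ctrl_packet(conn, &reply, sizeof(reply))) {` / `pptp_reset_timer(); /* give sender a chance for a retry */` / `}`. The `hton8(5)` result code on the line above is a magic number that the trailing comment has to explain; a named constant for the "protocol version not supported" result would be clearer, though that is pre-existing. The enclosing handler starts and ends outside the hunk.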
@@ -928,9 +935,10 @@
 vector_search(conn->call, ntoh16(packet->call_id), &call);
 if (call->callback != NULL)
 call->callback(conn, call, CALL_CLOSE_RQST);
- pptp_send_ctrl_packet(conn, &reply, sizeof(reply));
- pptp_call_destroy(conn, call);
- log("Call closed (RQST) (call id %d)", (int) call->call_id);
+ if (pptp_send_ctrl_packet(conn, &reply, sizeof(reply))) {
+ pptp_call_destroy(conn, call);
+ log("Call closed (RQST) (call id %d)", (int) call->call_id);
+ }
 }
 break;
 }
@@ -1067,8 +1075,9 @@
 } else { /* ka_state == NONE */
 /* send keep-alive */
 struct pptp_echo_rqst rqst = { PPTP_HEADER_CTRL(PPTP_ECHO_RQST), hton32(global.conn->ka_id) };
- pptp_send_ctrl_packet(global.conn, &rqst, sizeof(rqst));
- global.conn->ka_state = KA_OUTSTANDING;
+ if (pptp_send_ctrl_packet(global.conn, &rqst, sizeof(rqst))) {
+ global.conn->ka_state = KA_OUTSTANDING;
+ }
 }
 /* check incoming/outgoing call states for !IDLE && !ESTABLISHED */
 for (i = 0; i < vector_size(global.conn->call); i++) {
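Review bot: `log("Call closed (RQST) (call id %d)", (int) call->call_id)` reads `call` after `pptp_call_destroy(conn, call)`; if destroy releases the call structure, as its name suggests, that is a use-after-free the commit carries into the new braces rather than fixing. Capture the id first — `int call_id = (int) call->call_id;` before the destroy and `log("Call closed (RQST) (call id %d)", call_id);` after it — or log before destroying. The `vector_search(...)` result on the first context line is also not checked before `call->callback` is dereferenced, which is pre-existing but worth a follow-up. The enclosing case body starts outside the hunk.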
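Review bot: When the keep-alive send fails the function falls straight through to `for (i = 0; i < vector_size(global.conn->call); i++)`, and per the commit message a failed pptp_send_ctrl_packet can have freed the connection, so `global.conn` may be dangling at that point. The new block needs an exit on the failure path — `} else { return; }` if nothing else must run once the connection is gone, or a re-check of `global.conn` before the loop if the destroy path clears it; which is right depends on code outside the hunk. Leaving `ka_state` at NONE does mean the next timer tick retries the keep-alive, which is reasonable on its own. The enclosing timer handler starts and ends outside the hunk.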