From 353f2a2ad43256b6b1d8c17e3942316d0a8424e2 Mon Sep 17 00:00:00 2001
From: Nicholas Marriott
Date: Mon, 26 Oct 2009 20:47:00 +0000
Subject: [PATCH] Don't do anything in the client callback if the client has already died to avoid a use-after-free (the callback is used twice, once for the client itself and once for the tty). Fixes crashes seen by Han Boetes.
---
 server-client.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/server-client.c b/server-client.c
index 6d00dd37..5038a036 100644
--- a/server-client.c
+++ b/server-client.c
@@ -153,6 +153,9 @@ server_client_callback(int fd, int events, void *data)
 {
 struct client *c = data;
 
+ if (c->flags & CLIENT_DEAD)
+ return;
+
 if (fd == c->ibuf.fd) {
 if (events & (POLLERR|POLLNVAL|POLLHUP))
 goto client_lost;
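Review bot: The added guard `if (c->flags & CLIENT_DEAD)` itself dereferences `c`, so it only prevents the use-after-free if the `struct client` stays allocated from the moment CLIENT_DEAD is set until both registrations of this callback (client fd and tty fd) have been dispatched. The hunk does not show where a dead client is freed, so that lifetime rule is presumably enforced elsewhere and should be confirmed. It is worth recording the invariant at the check so that a later change to the teardown path does not silently reintroduce the bug, for example `/* Called once for the client fd and once for the tty fd; a dead client must not be freed until both calls have returned. */`. The body of server_client_callback continues past the end of the hunk.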