From 2e315fe5273c899bad4de5f82af9e704edb0bda5 Mon Sep 17 00:00:00 2001
From: Linus Nordberg <linus@nordu.net>
Date: Mon, 14 Mar 2011 00:45:18 +0100
Subject: [PATCH] Avoid potential double free.

(udp_init): Set conn.rev = NULL in fault case.
---
 lib/udp.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/udp.c b/lib/udp.c
index 911616d..c04821d 100644
--- a/lib/udp.c
+++ b/lib/udp.c
@@ -155,7 +155,10 @@ udp_init (struct rs_connection *conn, struct rs_packet *pkt)
   if (!conn->rev || !conn->wev)
     {
       if (conn->rev)
-	event_free (conn->rev);
+	{
+	  event_free (conn->rev);
+	  conn->rev = NULL;
+	}
       /* ENOMEM _or_ EINVAL but EINVAL only if we use EV_SIGNAL, at
 	 least for now (libevent-2.0.5).  */
       return rs_err_conn_push_fl (conn, RSE_NOMEM, __FILE__, __LINE__, NULL);
-- 
2.1.4