From 7beaee5239a752e59758e5331d3f5db98a9ed202 Mon Sep 17 00:00:00 2001
From: Simon Arlott
Date: Wed, 10 Feb 2016 21:22:50 +0000
Subject: [PATCH] ssld: change_connid may be called with an unknown ID

If change_connid is called with an unknown ID, conn will be NULL, check this with an assert and then respond by reporting the new ID as closed instead of dereferencing a NULL pointer.
---
 ssld/ssld.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/ssld/ssld.c b/ssld/ssld.c
index 3583ba08..f187cd57 100644
--- a/ssld/ssld.c
+++ b/ssld/ssld.c
@@ -829,6 +829,20 @@ change_connid(mod_ctl_t *ctl, mod_ctl_buf_t *ctlb)
 uint32_t id = buf_to_uint32(&ctlb->buf[1]);
 uint32_t newid = buf_to_uint32(&ctlb->buf[5]);
 conn_t *conn = conn_find_by_id(id);
+ lrb_assert(conn != NULL);
+ if(conn == NULL)
+ {
+ char buf[256];
+ int len;
+
+ buf[0] = 'D';
+ uint32_to_buf(&buf[1], newid);
+ sprintf(&buf[5], "connid %d does not exist", id);
+ len = (strlen(&buf[5]) + 1) + 5;
+ mod_cmd_write_queue(ctl, buf, len);
+
+ return;
+ }
 rb_dlinkDelete(&conn->node, connid_hash(conn->id));
 SetZipSSL(conn);
 conn->id = newid;
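Review bot: In the new `conn == NULL` branch, `sprintf(&buf[5], "connid %d does not exist", id)` formats a `uint32_t` with `%d` and writes without a bound, so IDs above INT_MAX would be reported as negative numbers and the 256-byte buffer is safe only because the message happens to be short. I would write `snprintf(&buf[5], sizeof(buf) - 5, "connid %u does not exist", (unsigned int)id);` so the size is enforced and the reported ID matches the one carried in the control message. Separately, `lrb_assert(conn != NULL)` sits directly before the graceful path; its definition is not visible here, but if the macro aborts in some build configurations, an unknown ID on the control channel would still terminate ssld instead of reaching the 'D' reply. A short comment such as `/* lrb_assert only logs here; the NULL case is handled below */` would record that assumption. The body of change_connid starts and ends outside the hunk.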