[hotssh] gssh: Squash more use-after-free

[Colin Walters <walters src gnome org>]

commit e03afdd82e51b094b5ab5cb521b1ed63b4ab6cae
Author: Colin Walters <walters verbum org>
Date:   Tue Nov 26 09:39:01 2013 -0500

    gssh: Squash more use-after-free
    
    We really need to hold a refcount on the whole object, otherwise the
    socket iteration will potentially access freed memory.

 libgssh/gssh-connection.c |    9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)
---
diff --git a/libgssh/gssh-connection.c b/libgssh/gssh-connection.c
index d74e84b..1e21d4e 100644
--- a/libgssh/gssh-connection.c
+++ b/libgssh/gssh-connection.c
@@ -623,8 +623,10 @@ static void
 gssh_connection_iteration (GSshConnection   *self,
                            GIOCondition        condition)
 {
+  g_object_ref (self);
   gssh_connection_iteration_internal (self, condition);
   recalculate_socket_state (self);
+  g_object_unref (self);
 }
 
 static void
@@ -640,6 +642,7 @@ on_socket_ready (GSocket *socket,
                 gpointer user_data)
 {
   GSshConnection *self = user_data;
+  gboolean ret;
 
   if (condition & (G_IO_ERR | G_IO_HUP))
     {
@@ -650,11 +653,15 @@ on_socket_ready (GSocket *socket,
       return FALSE;
     }
 
+  g_object_ref (self);
+
   g_debug ("socket ready: state %d", self->state);
 
   gssh_connection_iteration (self, condition);
 
-  return TRUE;
+  ret = self->socket_source != NULL;
+  g_object_unref (self);
+  return ret;
 }
 
 const char *