microcom.c: Call cleanup routines only once

Repeated call to ios->exit(ios); was observed as used after free using
asan. Only call it once: In the exit handler.

Always call the exit handler and check there whether listenonly is set
and there skip resetting the terminal if so.

Do not reset the terminal elsewhere.

Do not call the exit handler from the quit command, just call exit,
invoking the signal handler too.

Signed-off-by: Jonas Rebmann <jre@pengutronix.de>

Author: jonrebm

commands.c

@@ -144,7 +144,6 @@ static int cmd_break(int argc, char *argv[])
 static int cmd_quit(int argc, char *argv[])
 {
 	fflush(NULL);
-	microcom_exit(0);
 	exit(0);
 	return 0;
 }

microcom.c

@@ -19,6 +19,12 @@ static struct termios sots; /* old stdout/in termios settings to restore */
 struct ios_ops *ios;
 int debug = 0;
 
+int opt_force = 0;
+unsigned long current_speed = DEFAULT_BAUDRATE;
+int current_flow = FLOW_NONE;
+int listenonly = 0;
+char escape_char = DEFAULT_ESCAPE_CHAR;
+
 void init_terminal(void)
 {
 	struct termios sts;
@@ -51,7 +57,8 @@ void microcom_exit(int signal)
 	write(1, "exiting\n", 8);
 
 	ios->exit(ios);
-	tcsetattr(STDIN_FILENO, TCSANOW, &sots);
+	if (listenonly)
+		tcsetattr(STDIN_FILENO, TCSANOW, &sots);
 
 	if (signal)
 		_Exit(0);
@@ -96,12 +103,6 @@ void main_usage(int exitcode, char *str, char *dev)
 	exit(exitcode);
 }
 
-int opt_force = 0;
-unsigned long current_speed = DEFAULT_BAUDRATE;
-int current_flow = FLOW_NONE;
-int listenonly = 0;
-char escape_char = DEFAULT_ESCAPE_CHAR;
-
 int main(int argc, char *argv[])
 {
 	struct sigaction sact = {0};  /* used to initialize the signal handler */
@@ -210,7 +211,7 @@ int main(int argc, char *argv[])
 
 	ret = ios->set_speed(ios, current_speed);
 	if (ret)
-		goto cleanup_ios;
+		exit(1);
 
 	current_flow = FLOW_NONE;
 	ios->set_flow(ios, current_flow);
@@ -220,27 +221,21 @@ int main(int argc, char *argv[])
 		printf("Type the escape character to get to the prompt.\n");
 
 		/* Now deal with the local terminal side */
+		/*  microcom_exit will restore the old termios handler */
 		tcgetattr(STDIN_FILENO, &sots);
 		init_terminal();
-
-		/* set the signal handler to restore the old
-		 * termios handler */
-		sact.sa_handler = &microcom_exit;
-		sigaction(SIGHUP, &sact, NULL);
-		sigaction(SIGINT, &sact, NULL);
-		sigaction(SIGPIPE, &sact, NULL);
-		sigaction(SIGTERM, &sact, NULL);
-		sigaction(SIGQUIT, &sact, NULL);
 	}
 
-	/* run the main program loop */
-	ret = mux_loop(ios);
+	sact.sa_handler = &microcom_exit;
 
-	if (!listenonly)
-		tcsetattr(STDIN_FILENO, TCSANOW, &sots);
+	sigaction(SIGHUP, &sact, NULL);
+	sigaction(SIGINT, &sact, NULL);
+	sigaction(SIGPIPE, &sact, NULL);
+	sigaction(SIGTERM, &sact, NULL);
+	sigaction(SIGQUIT, &sact, NULL);
 
-cleanup_ios:
-	ios->exit(ios);
+	/* run the main program loop */
+	ret = mux_loop(ios);
 
 	exit(ret ? 1 : 0);
 }