If the real SSH connection goes away and we call sharestate_free with
downstreams still active, then that in turn calls share_connstate_free
on all those downstreams, freeing the things their sockets are using
as Plugs but not actually closing the sockets, so further data coming
in from downstream gives rise to a use-after-free bug.
(Thanks to Timothe Litt for a great deal of help debugging this.)
(cherry picked from commit
0b2f283622603242d8bce295e42342649aebbb97)
sfree(globreq);
}
+ if (cs->sock)
+ sk_close(cs->sock);
+
sfree(cs);
}