Fix SIGINT double-free by not freeing tunnel structures during cleanup

- Prevent use-after-free in forwarding threads during shutdown
- Close sockets and free buffers but keep tunnel structures allocated
- Memory will be freed when process exits, avoiding thread access issues

wssshtools/tunnel.c

@@ -275,7 +275,8 @@ void cleanup_tunnel(int debug) {
     usleep(200000); // 200ms - increased timeout for better thread cleanup
     pthread_mutex_lock(&tunnel_mutex);
 
-    // Now safely clean up - don't free SSL contexts as they're managed at connection level
+    // Now safely clean up - don't free tunnel structures to avoid use-after-free in threads
+    // Just close sockets and clean up resources, tunnels will be freed when process exits
     for (int i = 0; i < active_tunnels_count; i++) {
         if (active_tunnels[i]) {
             if (active_tunnels[i]->sock >= 0) {
@@ -296,9 +297,11 @@ void cleanup_tunnel(int debug) {
 
             if (active_tunnels[i]->outgoing_buffer) {
                 frame_buffer_free(active_tunnels[i]->outgoing_buffer);
+                active_tunnels[i]->outgoing_buffer = NULL;
             }
             if (active_tunnels[i]->incoming_buffer) {
                 frame_buffer_free(active_tunnels[i]->incoming_buffer);
+                active_tunnels[i]->incoming_buffer = NULL;
             }
 
             // Clear backward compatibility pointer if it points to this tunnel
@@ -306,10 +309,11 @@ void cleanup_tunnel(int debug) {
                 active_tunnel = NULL;
             }
 
-            free(active_tunnels[i]);
+            // Mark tunnel as cleaned up but don't free the structure
+            active_tunnels[i]->active = 0;
         }
     }
-    active_tunnels_count = 0;
+    // Don't reset count, just mark tunnels inactive
     // Don't free the array itself, just reset count
     pthread_mutex_unlock(&tunnel_mutex);
 }