[OpenWrt-Devel] [PATCH] libubus: nullify stale msgbuf pointer in case of ubus_connect_ctx() failure
Eyal Birger
eyal.birger at gmail.com
Sun May 15 01:13:27 EDT 2016
If the ubus_reconnect() call fails in ubus_connect_ctx(), the msgbuf.data
newly allocated buffer is freed, but its pointer in the ubus_context is not
removed.
This leads to a double free error if ubus_auto_shutdown() is called for cleanup
after ubus_auto_connect() failed to connect to ubusd.
Signed-off-by: Eyal Birger <eyal.birger at gmail.com>
---
libubus.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libubus.c b/libubus.c
index d52faff..8163ff7 100644
--- a/libubus.c
+++ b/libubus.c
@@ -294,6 +294,7 @@ int ubus_connect_ctx(struct ubus_context *ctx, const char *path)
avl_init(&ctx->objects, ubus_cmp_id, false, NULL);
if (ubus_reconnect(ctx, path)) {
free(ctx->msgbuf.data);
+ ctx->msgbuf.data = NULL;
return -1;
}
--
1.9.1
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list