From: Andrew Zaborowski <andrew.zaborowski@intel.com>
To: iwd@lists.01.org
Subject: [PATCH 01/13] frame-xchg: Fix potential use after free
Date: Fri, 31 Jul 2020 03:31:24 +0200
Message-ID: <20200731013136.65057-1-andrew.zaborowski@intel.com>

Check if the frame callback has cancelled the frame_xchg before
attempting to free it.
---
I'm adding a frame_xchg_match_ptr here and I think I might have
used a similar function somewhere else.  I was wondering if we
want to add a pointer compare function in util.c or accept NULL
as match function in l_queue_find() to mean match by data pointer.
---
 src/frame-xchg.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/frame-xchg.c b/src/frame-xchg.c
index 3c1fc279..dfe08f6a 100644
--- a/src/frame-xchg.c
+++ b/src/frame-xchg.c
@@ -975,6 +975,11 @@ static bool frame_xchg_tx_retry(struct wiphy_radio_work_item *item)
 	return false;
 }
 
+static bool frame_xchg_match_ptr(const void *a, const void *b)
+{
+	return a == b;
+}
+
 static bool frame_xchg_resp_handle(const struct mmpdu_header *mpdu,
 					const void *body, size_t body_len,
 					int rssi, void *user_data)
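Review bot: frame_xchg_match_ptr() is added without a comment, and nothing in it is specific to frame_xchg: it is a plain identity compare, `return a == b;`, on two void pointers. A one-line comment stating that it is meant as an l_queue_find() match function for "is this entry still queued" would make the intent clear. Since the note under the commit message says a similar function may already exist elsewhere, a single shared helper would be preferable to a second per-file copy.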
@@ -1013,6 +1018,9 @@ static bool frame_xchg_resp_handle(const struct mmpdu_header *mpdu,
 
 		done = watch->cb(mpdu, body, body_len, rssi, fx->user_data);
 
+		if (!l_queue_find(frame_xchgs, frame_xchg_match_ptr, fx))
+			return true;
+
 		if (done) {
 			/* NULL callback here since the caller is done */
 			fx->cb = NULL;
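Review bot: the new l_queue_find() check directly after `done = watch->cb(...)` has no comment, so a reader cannot tell from the code that the callback may cancel and free fx and that this is why the function returns early; please add one above the `if`. The check is by pointer identity only, so if a callback cancels fx and queues a new exchange before returning, an entry allocated at the same address would pass the test and the code below would act on the wrong object; it is worth confirming that this cannot happen, or tracking liveness with something that is not the address. The early `return true` also discards `done`, which should be stated as intended.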
-- 
2.25.1
