* [PATCH] wispr: Prevent use-after-free from __connman_wispr_stop()
From: Seung-Woo Kim @ 2022-05-24 9:59 UTC (permalink / raw)
To: connman; +Cc: sw0312.kim, jeik01.kim
From __connman_wispr_stop(), list element wispr_portal freed by
g_hash_table_remove() is accessed. Prevent the use-after-free by
accessing the list element before free.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
---
src/wispr.c | 16 +++++-----------
1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/src/wispr.c b/src/wispr.c
index 22ecd937e1fe..7d4a3f54b24b 100644
--- a/src/wispr.c
+++ b/src/wispr.c
@@ -1038,17 +1038,11 @@ void __connman_wispr_stop(struct connman_service *service)
if (!wispr_portal)
return;
- if (wispr_portal->ipv4_context) {
- if (service == wispr_portal->ipv4_context->service)
- g_hash_table_remove(wispr_portal_list,
- GINT_TO_POINTER(index));
- }
-
- if (wispr_portal->ipv6_context) {
- if (service == wispr_portal->ipv6_context->service)
- g_hash_table_remove(wispr_portal_list,
- GINT_TO_POINTER(index));
- }
+ if ((wispr_portal->ipv4_context &&
+ service == wispr_portal->ipv4_context->service) ||
+ (wispr_portal->ipv6_context &&
+ service == wispr_portal->ipv6_context->service))
+ g_hash_table_remove(wispr_portal_list, GINT_TO_POINTER(index));
}
int __connman_wispr_init(void)
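Review bot: the merged condition in __connman_wispr_stop() carries no comment saying why the ipv4_context and ipv6_context checks have to be evaluated together before g_hash_table_remove(), so a later cleanup could split them back into the two blocks removed here and bring back the dereference of wispr_portal->ipv6_context after the entry has been removed. A one-line comment above the `if`, such as `/* wispr_portal is freed by the remove below, so finish all checks first */`, would record the constraint. Since the removal is now the last statement in the function, it would also help to state in the comment that wispr_portal must not be touched after it.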
--
2.19.2
* Re: [PATCH] wispr: Prevent use-after-free from __connman_wispr_stop()
From: Daniel Wagner @ 2022-05-25 7:14 UTC (permalink / raw)
To: Seung-Woo Kim; +Cc: connman, jeik01.kim
On Tue, May 24, 2022 at 06:59:21PM +0900, Seung-Woo Kim wrote:
> From __connman_wispr_stop(), list element wispr_portal freed by
> g_hash_table_remove() is accessed. Prevent the use-after-free by
> accessing the list element before free.
>
> Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Good catch. Patch applied.
Thanks,
Daniel