All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] wispr: Prevent use-after-free from __connman_wispr_stop()
       [not found] <CGME20220524095332epcas1p43ec50919c2e0eac3b3b87c64b7c526ca@epcas1p4.samsung.com>
@ 2022-05-24  9:59 ` Seung-Woo Kim
  2022-05-25  7:14   ` Daniel Wagner
  0 siblings, 1 reply; 2+ messages in thread
From: Seung-Woo Kim @ 2022-05-24  9:59 UTC (permalink / raw)
  To: connman; +Cc: sw0312.kim, jeik01.kim

From __connman_wispr_stop(), list element wispr_portal freed by
g_hash_table_remove() is accessed. Prevent the use-after-free by
accessing the list element before free.

Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
---
 src/wispr.c | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)

diff --git a/src/wispr.c b/src/wispr.c
index 22ecd937e1fe..7d4a3f54b24b 100644
--- a/src/wispr.c
+++ b/src/wispr.c
@@ -1038,17 +1038,11 @@ void __connman_wispr_stop(struct connman_service *service)
 	if (!wispr_portal)
 		return;
 
-	if (wispr_portal->ipv4_context) {
-		if (service == wispr_portal->ipv4_context->service)
-			g_hash_table_remove(wispr_portal_list,
-					GINT_TO_POINTER(index));
-	}
-
-	if (wispr_portal->ipv6_context) {
-		if (service == wispr_portal->ipv6_context->service)
-			g_hash_table_remove(wispr_portal_list,
-					GINT_TO_POINTER(index));
-	}
+	if ((wispr_portal->ipv4_context &&
+	     service == wispr_portal->ipv4_context->service) ||
+	    (wispr_portal->ipv6_context &&
+	     service == wispr_portal->ipv6_context->service))
+		g_hash_table_remove(wispr_portal_list, GINT_TO_POINTER(index));
 }
 
 int __connman_wispr_init(void)
-- 
2.19.2


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] wispr: Prevent use-after-free from __connman_wispr_stop()
  2022-05-24  9:59 ` [PATCH] wispr: Prevent use-after-free from __connman_wispr_stop() Seung-Woo Kim
@ 2022-05-25  7:14   ` Daniel Wagner
  0 siblings, 0 replies; 2+ messages in thread
From: Daniel Wagner @ 2022-05-25  7:14 UTC (permalink / raw)
  To: Seung-Woo Kim; +Cc: connman, jeik01.kim

On Tue, May 24, 2022 at 06:59:21PM +0900, Seung-Woo Kim wrote:
> From __connman_wispr_stop(), list element wispr_portal freed by
> g_hash_table_remove() is accessed. Prevent the use-after-free by
> accessing the list element before free.
> 
> Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>

Good catch. Patch applied.

Thanks,
Daniel

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-05-25  7:14 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <CGME20220524095332epcas1p43ec50919c2e0eac3b3b87c64b7c526ca@epcas1p4.samsung.com>
2022-05-24  9:59 ` [PATCH] wispr: Prevent use-after-free from __connman_wispr_stop() Seung-Woo Kim
2022-05-25  7:14   ` Daniel Wagner

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.