Wireless Daemon for Linux
* Re: [PATCH] netdev: fix crash from not cancelling netdev_get_oci
From: Denis Kenzior @ 2022-02-07 19:52 UTC
  To: iwd 

Hi James,

On 2/7/22 13:43, James Prestwood wrote:
> If netdev_connect_failed is called before netdev_get_oci_cb() the
> netdev's handshake will be destroyed and ultimately crash when the
> callback is called.
> 
> This patch moves the cancelation into netdev_connect_free rather than
> netdev_free.
> 
> ++++++++ backtrace ++++++++
> 0  0x7f4e1787d320 in /lib64/libc.so.6
> 1  0x42634c in handshake_state_set_chandef() at src/handshake.c:1057
> 2  0x40a11b in netdev_get_oci_cb() at src/netdev.c:2387
> 3  0x483d7b in process_unicast() at ell/genl.c:986
> 4  0x480d3c in io_callback() at ell/io.c:120
> 5  0x48004d in l_main_iterate() at ell/main.c:472 (discriminator 2)
> 6  0x4800fc in l_main_run() at ell/main.c:521
> 7  0x48032c in l_main_run_with_signal() at ell/main.c:649
> 8  0x403e95 in main() at src/main.c:532
> 9  0x7f4e17867b75 in /lib64/libc.so.6
> +++++++++++++++++++++++++++
> ---
>   src/netdev.c | 10 +++++-----
>   1 file changed, 5 insertions(+), 5 deletions(-)
> 

Applied, thanks.

Regards,
-Denis

* [PATCH] netdev: fix crash from not cancelling netdev_get_oci
From: James Prestwood @ 2022-02-07 19:43 UTC
  To: iwd 

If netdev_connect_failed is called before netdev_get_oci_cb() the
netdev's handshake will be destroyed and ultimately crash when the
callback is called.

This patch moves the cancelation into netdev_connect_free rather than
netdev_free.

++++++++ backtrace ++++++++
0  0x7f4e1787d320 in /lib64/libc.so.6
1  0x42634c in handshake_state_set_chandef() at src/handshake.c:1057
2  0x40a11b in netdev_get_oci_cb() at src/netdev.c:2387
3  0x483d7b in process_unicast() at ell/genl.c:986
4  0x480d3c in io_callback() at ell/io.c:120
5  0x48004d in l_main_iterate() at ell/main.c:472 (discriminator 2)
6  0x4800fc in l_main_run() at ell/main.c:521
7  0x48032c in l_main_run_with_signal() at ell/main.c:649
8  0x403e95 in main() at src/main.c:532
9  0x7f4e17867b75 in /lib64/libc.so.6
+++++++++++++++++++++++++++
---
 src/netdev.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/netdev.c b/src/netdev.c
index cda0c7fc..bac6860c 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -838,6 +838,11 @@ static void netdev_connect_free(struct netdev *netdev)
 		netdev->disconnect_cmd_id = 0;
 	}
 
+	if (netdev->get_oci_cmd_id) {
+		l_genl_family_cancel(nl80211, netdev->get_oci_cmd_id);
+		netdev->get_oci_cmd_id = 0;
+	}
+
 	if (netdev->ft_ds_list) {
 		l_queue_destroy(netdev->ft_ds_list, netdev_ft_ds_entry_free);
 		netdev->ft_ds_list = NULL;
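
Review bot: the added get_oci_cmd_id cancel in netdev_connect_free has no comment saying why this request is tied to the connection rather than to the device. The backtrace in the commit message shows netdev_get_oci_cb() calling handshake_state_set_chandef(), so the callback depends on the handshake still being alive; a one-line comment above the block saying so would keep a later cleanup from moving it back into netdev_free. The callback is dispatched from the main loop (process_unicast() under l_main_iterate() in the backtrace), so the position of the cancel inside this function should not matter, but it is worth confirming that netdev_get_oci_cb() clears get_oci_cmd_id when it completes, so that this branch never cancels a stale id.
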
@@ -949,11 +954,6 @@ static void netdev_free(void *data)
 		netdev->get_station_cmd_id = 0;
 	}
 
-	if (netdev->get_oci_cmd_id) {
-		l_genl_family_cancel(nl80211, netdev->get_oci_cmd_id);
-		netdev->get_oci_cmd_id = 0;
-	}
-
 	if (netdev->fw_roam_bss)
 		scan_bss_free(netdev->fw_roam_bss);
 
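
Review bot: with the get_oci_cmd_id cancel removed from netdev_free, device teardown is only safe if netdev_free always reaches netdev_connect_free while a connection attempt is pending, and that call is not visible in this hunk. If any removal path skips it, the pending GET_OCI reply would invoke the callback on a freed netdev, trading the crash described in the commit message for a use-after-free. Please confirm that path, or state it in the commit message.
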
-- 
2.31.1
