summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSeung-Woo Kim <sw0312.kim@samsung.com>2022-05-24 18:59:21 +0900
committerJaehyun Kim <jeik01.kim@samsung.com>2022-05-27 07:57:18 +0000
commitd208c619ca5d8585dd9bd55f3071a921ba253266 (patch)
tree879df28c0b1aff09919e8ddbf262250636c42863
parent61927f889571d22336196a189e7706a6483c7db7 (diff)
downloadconnman-tizen.tar.gz
connman-tizen.tar.bz2
connman-tizen.zip
wispr: Prevent use-after-free from __connman_wispr_stop()HEADsubmit/tizen/20220527.121228tizen
From __connman_wispr_stop(), list element wispr_portal freed by g_hash_table_remove() is accessed. Prevent the use-after-free by accessing the list element before free. Change-Id: I17fdb38c1d9a0f8dd2980c33d3f78f319f504ed6
-rwxr-xr-xsrc/wispr.c16
1 files changed, 5 insertions, 11 deletions
diff --git a/src/wispr.c b/src/wispr.c
index fb101a1d..4674ae47 100755
--- a/src/wispr.c
+++ b/src/wispr.c
@@ -1047,17 +1047,11 @@ void __connman_wispr_stop(struct connman_service *service)
if (!wispr_portal)
return;
- if (wispr_portal->ipv4_context) {
- if (service == wispr_portal->ipv4_context->service)
- g_hash_table_remove(wispr_portal_list,
- GINT_TO_POINTER(index));
- }
-
- if (wispr_portal->ipv6_context) {
- if (service == wispr_portal->ipv6_context->service)
- g_hash_table_remove(wispr_portal_list,
- GINT_TO_POINTER(index));
- }
+ if ((wispr_portal->ipv4_context &&
+ service == wispr_portal->ipv4_context->service) ||
+ (wispr_portal->ipv6_context &&
+ service == wispr_portal->ipv6_context->service))
+ g_hash_table_remove(wispr_portal_list, GINT_TO_POINTER(index));
}
int __connman_wispr_init(void)