It is possible that ipdevice does not contain ipconfig for
some reason. If that happens, then ipconfig is not removed
from ipconfig_list, which will then escalate into a freed memory
access when the interface is taken down.
The problem was seen with valgrind when tethering was enabled
and then disabled for wifi.
---
src/ipconfig.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/ipconfig.c b/src/ipconfig.c
index b472990..f817699 100644
--- a/src/ipconfig.c
+++ b/src/ipconfig.c
@@ -1330,7 +1330,8 @@ void connman_ipconfig_unref(struct connman_ipconfig
*ipconfig)
if (__sync_fetch_and_sub(&ipconfig->refcount, 1) != 1)
return;
- __connman_ipconfig_disable(ipconfig);
+ if (__connman_ipconfig_disable(ipconfig) < 0)
+ ipconfig_list = g_list_remove(ipconfig_list, ipconfig);
connman_ipconfig_set_ops(ipconfig, NULL);
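Review bot: In connman_ipconfig_unref() the new g_list_remove() runs only when __connman_ipconfig_disable() returns a negative value, so correctness depends on the success path of disable having already taken the entry off ipconfig_list, which this hunk does not show. g_list_remove() leaves the list unchanged when the element is not present, so calling it unconditionally after the disable call would be simpler and would guarantee that no ipconfig about to be freed stays on the list, whatever disable returns. If the conditional form is kept, a short comment saying which error return means "still on the list" would help. The commit message could also record why ipdevice can lack the ipconfig, since the change handles the dangling list entry rather than that cause.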
--
1.7.1
_______________________________________________
connman mailing list
[email protected]
http://lists.connman.net/listinfo/connman