[PATCH] dnsproxy: Destroy list using g_list_free_full

Tue, 04 Mar 2014 03:29:24 -0800 

From: Daniel Wagner <[email protected]>

This is fixing the accessing after freed bug.

==3580== Invalid read of size 8
==3580==    at 0x494FE2: destroy_server (dnsproxy.c:1877)
==3580==    by 0x4961ED: remove_server (dnsproxy.c:2417)
==3580==    by 0x496291: __connman_dnsproxy_remove (dnsproxy.c:2434)
==3580==    by 0x462D4B: remove_entries (resolver.c:271)
==3580==    by 0x4635CF: connman_resolver_remove (resolver.c:523)
==3580==    by 0x44FDE4: remove_nameservers (service.c:933)
==3580==    by 0x450021: update_nameservers (service.c:1010)
==3580==    by 0x4505EC: __connman_service_nameserver_remove (service.c:1156)
==3580==    by 0x46EC33: dhcp_invalidate (dhcp.c:116)
==3580==    by 0x46FE7A: remove_network (dhcp.c:593)
==3580==    by 0x3919238519: g_hash_table_remove_internal (ghash.c:1276)
==3580==    by 0x46FF9B: __connman_dhcp_stop (dhcp.c:626)
==3580==  Address 0x4e8a318 is 8 bytes inside a block of size 24 free'd
==3580==    at 0x4A07577: free (in 
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3580==    by 0x391924EF7E: g_free (gmem.c:197)
==3580==    by 0x39192655CA: g_slice_free1 (gslice.c:1124)
==3580==    by 0x3919245543: g_list_remove (glist.c:480)
==3580==    by 0x494FC9: destroy_server (dnsproxy.c:1880)
==3580==    by 0x4961ED: remove_server (dnsproxy.c:2417)
==3580==    by 0x496291: __connman_dnsproxy_remove (dnsproxy.c:2434)
==3580==    by 0x462D4B: remove_entries (resolver.c:271)
==3580==    by 0x4635CF: connman_resolver_remove (resolver.c:523)
==3580==    by 0x44FDE4: remove_nameservers (service.c:933)
==3580==    by 0x450021: update_nameservers (service.c:1010)
==3580==    by 0x4505EC: __connman_service_nameserver_remove (service.c:1156)
==3580==
---
 src/dnsproxy.c | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/src/dnsproxy.c b/src/dnsproxy.c
index a5d6841..b17c9cb 100644
--- a/src/dnsproxy.c
+++ b/src/dnsproxy.c
@@ -1861,8 +1861,6 @@ static void server_destroy_socket(struct server_data 
*data)
 
 static void destroy_server(struct server_data *server)
 {
-       GList *list;
-
        DBG("index %d server %s sock %d", server->index, server->server,
                        server->channel ?
                        g_io_channel_unix_get_fd(server->channel): -1);
@@ -1874,12 +1872,7 @@ static void destroy_server(struct server_data *server)
                DBG("Removing DNS server %s", server->server);
 
        g_free(server->server);
-       for (list = server->domains; list; list = list->next) {
-               char *domain = list->data;
-
-               server->domains = g_list_remove(server->domains, domain);
-               g_free(domain);
-       }
+       g_list_free_full(server->domains, g_free);
        g_free(server->server_addr);
 
        /*
-- 
1.8.5.3

_______________________________________________
connman mailing list
[email protected]
https://lists.connman.net/mailman/listinfo/connman

Reply via email to