Freeing dhcp in dhcp_invalidate is causing invalid reads in
ipv4ll_available_cb, called by annouce timeout. Just freeing
the dhcp struct, when dhcp is stopped is more suitable.
---
src/dhcp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/dhcp.c b/src/dhcp.c
index e4bac67..5f40c1b 100644
--- a/src/dhcp.c
+++ b/src/dhcp.c
@@ -143,7 +143,6 @@ out:
g_hash_table_remove(network_table, dhcp->network);
connman_network_unref(dhcp->network);
- dhcp_free(dhcp);
}
static void dhcp_valid(struct connman_dhcp *dhcp)
@@ -627,6 +626,7 @@ void __connman_dhcp_stop(struct connman_network *network)
if (dhcp) {
dhcp_release(dhcp);
dhcp_invalidate(dhcp, false);
+ dhcp_free(dhcp);
}
}
--
1.8.3.2
_______________________________________________
connman mailing list
[email protected]
https://lists.connman.net/mailman/listinfo/connman
