server_create_socket() may fail for some reason before the cache hash
table is created. In this case destroy_server() should not schedule a
timeout for deallocating the cache; if it does, cache_refcount may
become negative and an attempt to create the cache later on will not
work properly, leading to a null pointer crash when trying to use the
cache.
---
src/dnsproxy.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/dnsproxy.c b/src/dnsproxy.c
index 741cd45..bdd7fd5 100644
--- a/src/dnsproxy.c
+++ b/src/dnsproxy.c
@@ -2204,7 +2204,8 @@ static void destroy_server(struct server_data *server)
* without any good reason. The small delay allows the new RDNSS to
* create a new DNS server instance and the refcount does not go to 0.
*/
- g_timeout_add_seconds(3, try_remove_cache, NULL);
+ if (cache)
+ g_timeout_add_seconds(3, try_remove_cache, NULL);
g_free(server);
}
--
1.9.1
_______________________________________________
connman mailing list
connman@connman.net
https://lists.connman.net/mailman/listinfo/connman
