connman Digest, Vol 8, Issue 25

Fri, 17 Jun 2016 11:59:51 -0700 

Send connman mailing list submissions to
        [email protected]

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.01.org/mailman/listinfo/connman
or, via email, send a message with subject or body 'help' to
        [email protected]

You can reach the person managing the list at
        [email protected]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of connman digest..."


Today's Topics:

   1. [PATCH] dhcp: remove the possible remaining dhcp_retry_cb
      timer (Harish Jenny K N)


----------------------------------------------------------------------

Message: 1
Date: Fri, 17 Jun 2016 18:19:17 +0200
From: Harish Jenny K N <[email protected]>
To: <[email protected]>
Subject: [PATCH] dhcp: remove the possible remaining dhcp_retry_cb
        timer
Message-ID:
        <[email protected]>
Content-Type: text/plain

In the following scenario:

1. no_lease_cb() is called
 dhcp->ipv4ll_client = ipv4ll_client;
 err = g_dhcp_client_start(dhcp->ipv4ll_client, NULL);
 ipv4ll_start(dhcp_client);

2. switch_listening_mode
--> listener_event

3. listener_event
 --> ipv4ll_recv_arp_packet
---> no_lease_cb
---- > creates a new timeout (dhcp->timeout) without removing the old timeout

Logs:
src/dhcp.c:no_lease_cb() No lease available ipv4ll 0 client (nil)
src/dhcp.c:no_lease_cb() No lease available ipv4ll 1 client 0x1d1e808
src/dhcp.c:dhcp_release() dhcp 0x1d14980

There is a possibility if dhcp_retry_cb() Timeout is not called before first
no_lease_cb, then the old timer is not removed before creating the new one.
We are not sure if the dhcp object will be alive when the first timeout fires.
This could result in a potential crash.

This patch adds a defensive check to remove the potential existing timer
before creating a new one.

---
 src/dhcp.c |    3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/dhcp.c b/src/dhcp.c
index 54d98db..57e7ac9 100644
--- a/src/dhcp.c
+++ b/src/dhcp.c
@@ -256,6 +256,9 @@ static void no_lease_cb(GDHCPClient *dhcp_client, gpointer 
user_data)
        DBG("No lease available ipv4ll %d client %p", ipv4ll_running,
                dhcp->ipv4ll_client);
 
+       if (dhcp->timeout > 0)
+               g_source_remove(dhcp->timeout);
+
        dhcp->timeout = g_timeout_add_seconds(RATE_LIMIT_INTERVAL,
                                                dhcp_retry_cb,
                                                dhcp);
-- 
1.7.9.5




------------------------------

Subject: Digest Footer

_______________________________________________
connman mailing list
[email protected]
https://lists.01.org/mailman/listinfo/connman


------------------------------

End of connman Digest, Vol 8, Issue 25
**************************************

Reply via email to