3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-27 02:32:52 +01:00

watchlist: fix stale watchlist item processing

All the watchlist notify macros were broken in that they did not check
that the watchlist item was still valid before calling it. This only
came into play when a watchlist was being notified and one of the notify
functions removed an item from the same watchlist. It appears this was
already thought of since watchlist_remove checks 'in_notify' and will
mark the item's id as stale (0), but that id never got checked in the
notify macros.

This fixes testAdHoc valgrind warning:

==3347== Invalid read of size 4
==3347==    at 0x416612: eapol_rx_auth_packet (eapol.c:1871)
==3347==    by 0x416DD4: __eapol_rx_packet (eapol.c:2334)
==3347==    by 0x40725B: netdev_pae_read (netdev.c:3515)
==3347==    by 0x440958: io_callback (io.c:123)
==3347==    by 0x43FDED: l_main_iterate (main.c:376)
==3347==    by 0x43FEAB: l_main_run (main.c:423)
==3347==    by 0x40377A: main (main.c:489)
...
This commit is contained in:
James Prestwood 2018-09-19 12:14:53 -07:00 committed by Denis Kenzior
parent ba248e028e
commit 74b8b6d65c

View File

@ -66,6 +66,8 @@ void __watchlist_prune_stale(struct watchlist *watchlist);
for (; entry; entry = entry->next) { \
struct watchlist_item *item = entry->data; \
type t = item->notify; \
if (item->id == 0) \
continue; \
t(args, item->notify_data); \
} \
(watchlist)->in_notify = false; \
@ -83,6 +85,8 @@ void __watchlist_prune_stale(struct watchlist *watchlist);
struct watchlist_item *item = entry->data; \
type t = item->notify; \
\
if (item->id == 0) \
continue; \
if (!match(item, match_data)) \
continue; \
\
@ -102,6 +106,8 @@ void __watchlist_prune_stale(struct watchlist *watchlist);
for (; entry; entry = entry->next) { \
struct watchlist_item *item = entry->data; \
type t = item->notify; \
if (item->id == 0) \
continue; \
t(item->notify_data); \
} \
(watchlist)->in_notify = false; \