From 75d53cc9fc396358b6cf1360350ab73cbe398a4f Mon Sep 17 00:00:00 2001 From: Andrew Zaborowski Date: Sat, 20 Oct 2018 05:11:43 +0200 Subject: [PATCH] wifi/iwd: add a sanity check for duplicate Networks on DBus Sanity check networks received from the Station.GetOrderedNetworks() DBus method. Duplicates shouldn't happen but the code should be safe against bogus data received over DBus. There was a recent bug in a library used by IWD causing occasional duplicates to be returned which would cause invalid memory accesses reported by valgrind in NM because g_hash_table_insert would free what we passed as the key. --- src/devices/wifi/nm-device-iwd.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/devices/wifi/nm-device-iwd.c b/src/devices/wifi/nm-device-iwd.c index b71fc30a37..8fb1f269e5 100644 --- a/src/devices/wifi/nm-device-iwd.c +++ b/src/devices/wifi/nm-device-iwd.c @@ -233,7 +233,11 @@ vardict_from_network_type (const char *type) } static void -insert_ap_from_network (GHashTable *aps, const char *path, int16_t signal, uint32_t ap_id) +insert_ap_from_network (NMDeviceIwd *self, + GHashTable *aps, + const char *path, + int16_t signal, + uint32_t ap_id) { gs_unref_object GDBusProxy *network_proxy = NULL; gs_unref_variant GVariant *name_value = NULL, *type_value = NULL; @@ -244,6 +248,11 @@ insert_ap_from_network (GHashTable *aps, const char *path, int16_t signal, uint3 uint8_t bssid[6]; NMWifiAP *ap; + if (g_hash_table_lookup (aps, path)) { + _LOGD (LOGD_WIFI, "Duplicate network at %s", path); + return; + } + network_proxy = nm_iwd_manager_get_dbus_interface (nm_iwd_manager_get (), path, NM_IWD_NETWORK_INTERFACE); @@ -350,10 +359,10 @@ get_ordered_networks_cb (GObject *source, GAsyncResult *res, gpointer user_data) if (compat) { while (g_variant_iter_next (networks, "(&o&sn&s)", &path, &name, &signal, &type)) - insert_ap_from_network (new_aps, path, signal, ap_id++); + insert_ap_from_network (self, new_aps, path, signal, ap_id++); } else { while (g_variant_iter_next (networks, "(&on)", &path, &signal)) - insert_ap_from_network (new_aps, path, signal, ap_id++); + insert_ap_from_network (self, new_aps, path, signal, ap_id++); } g_variant_iter_free (networks);