core: fix use after free in ping operations

Detected by Coverity: the ping_op pointers are used after being freed in
cleanup_ping_operations. Although calling g_list_remove is probably
safe because it only needs the value of the pointer and does not
dereference it, it is better to follow best practices. One of the
use-after-free cases was an actual error because we dereference
ping_op->log_domain.

Fixes: 658aef0fa1 ('connection: Support connection.ip-ping-addresses')
Íñigo Huguet 2025-04-02 10:16:15 +02:00 committed by Íñigo Huguet
parent 42edb37499
commit ae7de5b353


@ -15122,8 +15122,8 @@ respawn_ping_cb(gpointer user_data)
nm_clear_g_source_inst(&ping_op->watch);
if (!spawn_ping_for_operation(self, ping_op)) {
cleanup_ping_operation(ping_op);
priv->ping_operations = g_list_remove(priv->ping_operations, ping_op);
cleanup_ping_operation(ping_op);
if (g_list_length(priv->ping_operations) == 0) {
ip_check_pre_up(self);
@ -15166,7 +15166,6 @@ ip_check_ping_watch_cb(GPid pid, int status, gpointer user_data)
if (success) {
if (ping_op->ping_addresses_require_all) {
cleanup_ping_operation(ping_op);
priv->ping_operations = g_list_remove(priv->ping_operations, ping_op);
if (g_list_length(priv->ping_operations) == 0) {
_LOGD(ping_op->log_domain,
@ -15176,6 +15175,7 @@ ip_check_ping_watch_cb(GPid pid, int status, gpointer user_data)
nm_clear_g_source_inst(&priv->ping_timeout);
ip_check_pre_up(self);
}
cleanup_ping_operation(ping_op);
} else {
nm_assert(priv->ping_operations);
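Review bot: In ip_check_ping_watch_cb the free now comes after the `if (g_list_length(priv->ping_operations) == 0)` block, so `ping_op` stays allocated across `ip_check_pre_up(self)` although it is no longer reachable from `priv->ping_operations`. Nothing visible here shows whether that call can re-enter the ping handling, so it is worth confirming that the local pointer is the only remaining reference and that every path through the branch reaches `cleanup_ping_operation(ping_op)`. A short comment above that final call would stop the order from being undone later, e.g. `/* ping_op is already unlinked; free it last, after the final use of ping_op->log_domain */`, and the same unlink-then-free pair in respawn_ping_cb deserves the same comment. The +/- markers are missing from this rendering, so the new-side order is read from the commit message, and both function bodies continue outside the hunks.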