core: fix use after free in ping operations

Detected by Coverity: the ping_op pointers are used after being freed in
cleanup_ping_operations. Although calling g_list_remove is probably
safe because it only needs the value of the pointer and does not dereference
it, it is better to follow best practices. One of the uses after free was
actually an error because we dereference ping_op->log_domain.

Fixes: 658aef0fa1 ('connection: Support connection.ip-ping-addresses')
(cherry picked from commit ae7de5b353)
Íñigo Huguet 2025-04-02 10:16:15 +02:00 committed by Beniamino Galvani
parent ca39902cee
commit d19068c9e3


@ -15088,8 +15088,8 @@ respawn_ping_cb(gpointer user_data)
nm_clear_g_source_inst(&ping_op->watch);
if (!spawn_ping_for_operation(self, ping_op)) {
cleanup_ping_operation(ping_op);
priv->ping_operations = g_list_remove(priv->ping_operations, ping_op);
cleanup_ping_operation(ping_op);
if (g_list_length(priv->ping_operations) == 0) {
ip_check_pre_up(self);
@ -15132,7 +15132,6 @@ ip_check_ping_watch_cb(GPid pid, int status, gpointer user_data)
if (success) {
if (ping_op->ping_addresses_require_all) {
cleanup_ping_operation(ping_op);
priv->ping_operations = g_list_remove(priv->ping_operations, ping_op);
if (g_list_length(priv->ping_operations) == 0) {
_LOGD(ping_op->log_domain,
@ -15142,6 +15141,7 @@ ip_check_ping_watch_cb(GPid pid, int status, gpointer user_data)
nm_clear_g_source_inst(&priv->ping_timeout);
ip_check_pre_up(self);
}
cleanup_ping_operation(ping_op);
} else {
nm_assert(priv->ping_operations);
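Review bot: The ordering this fix depends on is not documented at either moved call: in ip_check_ping_watch_cb, `cleanup_ping_operation(ping_op)` has to stay after both the `g_list_remove` call and the `_LOGD(ping_op->log_domain, ...)` read, and the same constraint applies to the moved call in respawn_ping_cb. Per the commit message the call frees ping_op, so a comment such as `/* frees ping_op: must be the last use of the pointer in this branch */` above each moved call would keep a later edit from reintroducing the use after free. As a smaller style point, `g_list_length(priv->ping_operations) == 0` walks the whole list only to test for emptiness; `priv->ping_operations == NULL` expresses the same check directly. Both functions start and end outside the lines shown, so whether ping_op is touched again further down cannot be confirmed from this page.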