[PATCH 3/3] ippool.c: check for pool existence before attepting to access its collision callback

Otavio Salvador otavio at ossystems.com.br
Tue Feb 28 04:29:12 PST 2012


From: Mario Domenech Goulart <mario.goulart at gmail.com>

Without this check, connmand segfaulted on an environment with two
network interfaces.  Here are the last lines from the backtrace
obtained by running "connman -d -n":

connmand[779]: src/device.c:__connman_device_enable() device 0x99a4a38
connmand[779]: plugins/ethernet.c:ethernet_newlink() index 3 flags 69699 change 0
connmand[779]: src/rtnl.c:rtnl_message() buf 0xbfbc451c len 20
connmand[779]: src/rtnl.c:rtnl_message() DONE len 20 type 3 flags 0x0002 seq 0
connmand[779]: src/rtnl.c:process_response() seq 0
connmand[779]: src/rtnl.c:send_request() UNKNOWN len 17 type 22 flags 0x0301 seq 1
connmand[779]: src/rtnl.c:rtnl_message() buf 0xbfbc451c len 168
connmand[779]: src/rtnl.c:rtnl_message() NEWADDR len 48 type 20 flags 0x0002 seq 1
connmand[779]: src/ipconfig.c:__connman_ipconfig_newaddr() index 1
connmand[779]: src/rtnl.c:rtnl_message() NEWADDR len 60 type 20 flags 0x0002 seq 1
connmand[779]: src/ipconfig.c:__connman_ipconfig_newaddr() index 2
connmand[779]: eth0 {add} address 10.2.254.139/24 label eth0 family 2
connmand[779]: src/service.c:service_ip_bound() eth0 ip bound
connmand[779]: src/service.c:service_ip_bound() service 0x99a3e90 ipconfig 0x99a4088 type 1 method 4
connmand[779]: src/service.c:append_ipv4() ipv4 0x99a4088 state configuration
connmand[779]: src/service.c:append_ipv6() ipv6 0x99a40d8 state idle
connmand[779]: src/session.c:ipconfig_changed() service 0x99a3e90 ipconfig 0x99a4088
connmand[779]: src/rtnl.c:rtnl_message() NEWADDR len 60 type 20 flags 0x0002 seq 1
connmand[779]: src/ipconfig.c:__connman_ipconfig_newaddr() index 3
connmand[779]: eth1 {add} address 10.2.254.65/24 label eth1 family 2
connmand[779]: Aborting (signal 11) [connmand]
connmand[779]: ++++++++ backtrace ++++++++
Segmentation fault
---
 src/ippool.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/ippool.c b/src/ippool.c
index b513b09..58a0d28 100644
--- a/src/ippool.c
+++ b/src/ippool.c
@@ -296,7 +296,7 @@ update:
 		if (!(it->start <= info->start || info->start <= it->end))
 			continue;
 
-		if (it->pool->collision_cb != NULL)
+		if (it->pool != NULL && it->pool->collision_cb != NULL)
 			it->pool->collision_cb(it->pool, it->pool->user_data);
 
 		return;
-- 
1.7.9.1




More information about the connman mailing list