jeka
/
utun2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Fix: Segfault in test_routing_mesh during cleanup 

In pn_deinit(), cancel waiter on etcp->input_queue and clear callback
on etcp->output_queue before freeing PKTNORM structure. This prevents
use-after-free when drain_and_free_fragment_queue() triggers
check_waiters() during etcp_connection_close().
nodeinfo-routing-update
Evgeny 2 months ago
parent
a5818d9cc4
commit
7781c4676b
1 changed files with 11 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 11
      src/pkt_normalizer.c

11
src/pkt_normalizer.c
Unescape View File

@ -108,6 +108,17 @@ void pn_deinit(struct PKTNORM* pn) {
queue_entry_free(pn->recvpart);
}
// Cancel waiter and clear callbacks on ETCP queues to prevent use-after-free
// during etcp_connection_close() when drain_and_free_fragment_queue() is called
if (pn->etcp) {
if (pn->etcp->input_queue) {
queue_cancel_wait(pn->etcp->input_queue, &pn->etcp->input_queue->waiter);
}
if (pn->etcp->output_queue) {
queue_set_callback(pn->etcp->output_queue, NULL, NULL);
}
}
free(pn);
}

Write Preview
Loading…
Cancel
Save