From patchwork Sun May 15 05:13:27 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eyal Birger <eyal.birger@gmail.com>
X-Patchwork-Id: 622348
Return-Path: <openwrt-devel-bounces@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from arrakis.dune.hu (caladan.dune.hu [78.24.191.180])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3r6sFZ3VXzz9t5P
	for <incoming@patchwork.ozlabs.org>;
	Sun, 15 May 2016 15:13:54 +1000 (AEST)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com header.b=vluahMwh;
	dkim-atps=neutral
Received: from arrakis.dune.hu (localhost [127.0.0.1])
	by arrakis.dune.hu (Postfix) with ESMTP id F06DDB805D4;
	Sun, 15 May 2016 07:13:46 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on arrakis.dune.hu
X-Spam-Level: 
X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.1
Received: from arrakis.dune.hu (localhost [127.0.0.1])
	by arrakis.dune.hu (Postfix) with ESMTP;
	Sun, 15 May 2016 07:13:46 +0200 (CEST)
Received: from arrakis.dune.hu (localhost [127.0.0.1])
	by arrakis.dune.hu (Postfix) with ESMTP id 4CE37B805C3
	for <openwrt-devel@lists.openwrt.org>;
	Sun, 15 May 2016 07:13:43 +0200 (CEST)
X-policyd-weight: using cached result; rate: -7
Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com
	[74.125.82.65]) by arrakis.dune.hu (Postfix) with ESMTPS
	for <openwrt-devel@lists.openwrt.org>;
	Sun, 15 May 2016 07:13:42 +0200 (CEST)
Received: by mail-wm0-f65.google.com with SMTP id e201so11410603wme.2
	for <openwrt-devel@lists.openwrt.org>;
	Sat, 14 May 2016 22:13:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id;
	bh=cIiIZDbhE0j831k/G5CSkzzmwunRO08wV1XuHRYEaQ4=;
	b=vluahMwhIwxp5jddCqgw7cLxxeOBulJfDarUeFygpskiUQULoRLytNfnEJpW9IYeAr
	cD3weCabbiraCfS4Fi49C8BGW2w5a62Wijdo1ZeAlx4e+gvP9OXTHWHu3yiLbRhCuZjp
	j3vw7+fc8L2Vvd9/xHg6mv4NReryNv29ELuGnwwrqOaiOXi2WsBmcd/uxYPWaNZNy+VJ
	3BfcT59FlVpTSugPHKHQ+vV4nxbVf4M6RW56FC1w5gvY6TiPRMi9CwXV9ABXKEb7LxHB
	zJKjp3nfxNnTpGLD3z/pMFrJ09+He0tWm2IucmMMRG41ZX/Ml0OtWyhmu+q7OJg8Ee15
	NQkQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=cIiIZDbhE0j831k/G5CSkzzmwunRO08wV1XuHRYEaQ4=;
	b=S8HQ5LQkPabV6eOHfEaeY3McbEyz0AycIlY8uoYfH5JAbXuyCXAlYDS3J/o22sAC2g
	Tv2BkBfiKYGvDwkWAH10xXKvYrfQOaD5I9R9Fm1YHGO0yjZConzGUuE5pAwORCcCssxu
	Q3RfWRo8iDA4WU8x7rzd5FXE6tTCCoRqgarKm9FicYQCP2AWUQ/FdLvI4BJ5cTiNxzrv
	9IGxLY1u8RwHTEAxSJdGmSv8nky2rmjkROcHoO1m1CdJDhs2QiLnx2Tk6Lsx046MDuRK
	0/AjjD24cqAw7AsQ5Ekx7jA6wZUOXu8UCFOnYSoek6yqBN26ghrb3FsVsBmbSCn5L/L/
	kFrQ==
X-Gm-Message-State: 
 AOPr4FXdBHePaKF1VNj0YAONtaXDlmnx4eyEf8X/JtOuB8I/RF5JNPXe0bcSUzBIE6QBew==
X-Received: by 10.28.126.145 with SMTP id z139mr10859026wmc.81.1463289222147;
	Sat, 14 May 2016 22:13:42 -0700 (PDT)
Received: from netad9sh4952.netanya.eu.thmulti.com
	(bzq-82-81-139-70.red.bezeqint.net. [82.81.139.70])
	by smtp.gmail.com with ESMTPSA id
	f11sm11525775wmf.22.2016.05.14.22.13.40
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Sat, 14 May 2016 22:13:41 -0700 (PDT)
From: Eyal Birger <eyal.birger@gmail.com>
To: openwrt-devel@lists.openwrt.org
Date: Sun, 15 May 2016 08:13:27 +0300
Message-Id: <1463289207-6602-1-git-send-email-eyal.birger@gmail.com>
X-Mailer: git-send-email 1.9.1
Subject: [OpenWrt-Devel] [PATCH] libubus: nullify stale msgbuf pointer in
	case of ubus_connect_ctx() failure
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: 
 <https://lists.openwrt.org/cgi-bin/mailman/options/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: 
 <https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: openwrt-devel-bounces@lists.openwrt.org
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>

If the ubus_reconnect() call fails in ubus_connect_ctx(), the msgbuf.data
newly allocated buffer is freed, but its pointer in the ubus_context is not
removed.

This leads to a double free error if ubus_auto_shutdown() is called for cleanup
after ubus_auto_connect() failed to connect to ubusd.

Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
---
 libubus.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libubus.c b/libubus.c
index d52faff..8163ff7 100644
--- a/libubus.c
+++ b/libubus.c
@@ -294,6 +294,7 @@ int ubus_connect_ctx(struct ubus_context *ctx, const char *path)
 	avl_init(&ctx->objects, ubus_cmp_id, false, NULL);
 	if (ubus_reconnect(ctx, path)) {
 		free(ctx->msgbuf.data);
+		ctx->msgbuf.data = NULL;
 		return -1;
 	}