changeset 4554:8c493d779d03 draft

arp: Fix a crash when dhcpcd forks or an interface removed

Because we try and free the ARP state when dhcpcd forks or an interface is removed, the loop to work out the next state to free could return invalid memory. So test we have an ARP state each time we iterate and free.
author Roy Marples <roy@marples.name>
date Tue, 16 Jul 2019 10:53:35 +0100
parents 8289f982fb87
children 93b4eb29d297
files src/arp.c
diffstat 1 files changed, 2 insertions(+), 6 deletions(-)
--- a/src/arp.c	Mon Jul 15 17:13:43 2019 +0100
+++ b/src/arp.c	Tue Jul 16 10:53:35 2019 +0100
@@ -615,13 +615,9 @@
 	struct iarp_state *state;
 	struct arp_state *astate;
 
-	state = ARP_STATE(ifp);
-	if (state == NULL)
-		return;
-
-	while ((astate = TAILQ_FIRST(&state->arp_states)) != NULL) {
+	while ((state = ARP_STATE(ifp)) != NULL &&
+	    (astate = TAILQ_FIRST(&state->arp_states)) != NULL)
 		arp_free(astate);
-	}
 
 	/* No need to close because the last free will close */
 }
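Review bot: The new loop condition `while ((state = ARP_STATE(ifp)) != NULL &&` is only safe if arp_free() resets whatever ARP_STATE(ifp) reads to NULL when it releases the last entry and the per-interface state with it, and nothing in this hunk shows or documents that. If that pointer were left set, the next evaluation would call TAILQ_FIRST(&state->arp_states) on freed memory, which is the same use-after-free the old cached `state` had. Suggest extending the trailing comment `/* No need to close because the last free will close */` to say that the last arp_free() also releases the interface's ARP state, which is why ARP_STATE(ifp) is re-read on every iteration, so a later cleanup does not hoist the lookup back out of the loop.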