dhcp: clear c_gateway and c_prefixlen before remove

Message ID	20240826113357.1794-1-sw0312.kim@samsung.com (mailing list archive)
State	Accepted
Commit	7a3ca6783ed234a1c11afcecc8d71dd286e5550b
Headers	show Received: from mailout4.samsung.com (mailout4.samsung.com [203.254.224.34]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4E2BA153812 for <connman@lists.linux.dev>; Mon, 26 Aug 2024 11:34:05 +0000 (UTC) From: Seung-Woo Kim <sw0312.kim@samsung.com> To: connman@lists.linux.dev, denkenz@gmail.com Cc: wangfe@nestlabs.com, sw0312.kim@samsung.com, dh79.pyun@samsung.com Subject: [PATCH] dhcp: clear c_gateway and c_prefixlen before remove Date: Mon, 26 Aug 2024 20:33:57 +0900 Message-Id: <20240826113357.1794-1-sw0312.kim@samsung.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="utf-8" CMS-TYPE: 101P DLP-Filter: Pass References: <CGME20240826113401epcas1p32f1a3cbc1306e7545b235d515343c62c@epcas1p3.samsung.com>
Series	dhcp: clear c_gateway and c_prefixlen before remove \| expand dhcp: clear c_gateway and c_prefixlen before remove

Message ID

20240826113357.1794-1-sw0312.kim@samsung.com (mailing list archive)

State

Accepted

Commit

7a3ca6783ed234a1c11afcecc8d71dd286e5550b

Headers

From: Seung-Woo Kim <sw0312.kim@samsung.com>
To: connman@lists.linux.dev, denkenz@gmail.com
Cc: wangfe@nestlabs.com, sw0312.kim@samsung.com, dh79.pyun@samsung.com
Subject: [PATCH] dhcp: clear c_gateway and c_prefixlen before remove
Date: Mon, 26 Aug 2024 20:33:57 +0900
Message-Id: <20240826113357.1794-1-sw0312.kim@samsung.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="utf-8"
CMS-TYPE: 101P
DLP-Filter: Pass
References: 
 <CGME20240826113401epcas1p32f1a3cbc1306e7545b235d515343c62c@epcas1p3.samsung.com>

Series

dhcp: clear c_gateway and c_prefixlen before remove | expand

Commit Message

Seung-Woo Kim Aug. 26, 2024, 11:33 a.m. UTC

Before calling __connman_ipconfig_address_remove(), for specific
ipconfig->method cases, clear c_gateway and c_prefixlen to
prevent use-after-free.

Fixes: d593e995c7c7 ("dhcp: Remove old IP and gateway address")
---
 src/dhcp.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

Comments

patchwork-bot+connman@kernel.org Sept. 2, 2024, 8:40 a.m. UTC | #1

Hello:

This patch was applied to connman.git (master)
by Marcel Holtmann <marcel@holtmann.org>:

On Mon, 26 Aug 2024 20:33:57 +0900 you wrote:
> Before calling __connman_ipconfig_address_remove(), for specific
> ipconfig->method cases, clear c_gateway and c_prefixlen to
> prevent use-after-free.
> 
> Fixes: d593e995c7c7 ("dhcp: Remove old IP and gateway address")
> ---
>  src/dhcp.c | 9 ++++++++-
>  1 file changed, 8 insertions(+), 1 deletion(-)

Here is the summary with links:
  - dhcp: clear c_gateway and c_prefixlen before remove
    https://git.kernel.org/pub/scm/network/connman/connman.git/?id=7a3ca6783ed2

You are awesome, thank you!

diff --git a/src/dhcp.c b/src/dhcp.c
index 18dbab27151a..c84f1de410fb 100644
--- a/src/dhcp.c
+++ b/src/dhcp.c
@@ -471,9 +471,17 @@  static void lease_available_cb(GDHCPClient *dhcp_client, gpointer user_data)
 
 	DBG("c_address %s", c_address);
 
+	old_method = __connman_ipconfig_get_method(dhcp->ipconfig);
+
 	if (g_strcmp0(address, c_address)) {
 		ip_change = true;
 		if (c_address) {
+			if (old_method == CONNMAN_IPCONFIG_METHOD_AUTO ||
+			    old_method == CONNMAN_IPCONFIG_METHOD_DHCP) {
+				c_gateway = NULL;
+				c_prefixlen = 0;
+			}
+
 			/* Remove old ip address */
 			__connman_ipconfig_address_remove(dhcp->ipconfig);
 		}
@@ -487,7 +495,6 @@  static void lease_available_cb(GDHCPClient *dhcp_client, gpointer user_data)
 	} else if (prefixlen != c_prefixlen)
 		ip_change = true;
 
-	old_method = __connman_ipconfig_get_method(dhcp->ipconfig);
 	__connman_ipconfig_set_method(dhcp->ipconfig,
 						CONNMAN_IPCONFIG_METHOD_DHCP);

dhcp: clear c_gateway and c_prefixlen before remove

Commit Message

Comments

Patch