station: fix crash if affinities watch gets removed

Commit Message

James Prestwood Sept. 10, 2024, 6:47 p.m. UTC

If the affinity watch is removed by setting an empty list the
disconnect callback won't be called which was the only place
the watch ID was cleared. This resulted in the next SetProperty call
to think a watch existed, and attempt to compare the sender address
which would be NULL.

The watch ID should be cleared inside the destroy callback, not
the disconnect callback.
---
 src/station.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Denis Kenzior Sept. 11, 2024, 12:42 a.m. UTC | #1

Hi James,

On 9/10/24 1:47 PM, James Prestwood wrote:
> If the affinity watch is removed by setting an empty list the
> disconnect callback won't be called which was the only place
> the watch ID was cleared. This resulted in the next SetProperty call
> to think a watch existed, and attempt to compare the sender address
> which would be NULL.
> 
> The watch ID should be cleared inside the destroy callback, not
> the disconnect callback.
> ---
>   src/station.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 

applied, thanks.

Regards,
-Denis

Patch

diff --git a/src/station.c b/src/station.c
index 56a90f5f..44f5f771 100644
--- a/src/station.c
+++ b/src/station.c
@@ -4598,7 +4598,6 @@  static void station_affinity_disconnected_cb(struct l_dbus *dbus,
 	struct station *station = user_data;
 
 	l_dbus_remove_watch(dbus_get_bus(), station->affinity_watch);
-	station->affinity_watch = 0;
 
 	l_debug("client that set affinity has disconnected");
 
@@ -4611,6 +4610,8 @@  static void station_affinity_watch_destroy(void *user_data)
 	struct station *station = user_data;
 	bool empty = l_queue_length(station->affinities) == 0;
 
+	station->affinity_watch = 0;
+
 	l_free(station->affinity_client);
 	station->affinity_client = NULL;