network: Fix crash caused by empty Scan() results

When issuing a Scan() in poor reception while attached to an operator it's
fully possible to get no results, which causes the attached operator to be
cleaned up. In certain scenarios this would cause a use-after-free as there
are still references to this operator.
Transfer the attached operator to the new list regardless of removal caused
by the Scan() results.
John Ernberg 2016-01-07 10:46:21 +00:00 committed by Denis Kenzior
parent 6df0655aa3
commit c331d72d1d
1 changed files with 14 additions and 2 deletions


@ -710,6 +710,7 @@ static gboolean update_operator_list(struct ofono_netreg *netreg, int total,
GSList *o;
GSList *compressed;
GSList *c;
struct network_operator_data *current_op = NULL;
gboolean changed = FALSE;
compressed = compress_operator_list(list, total);
@ -754,8 +755,19 @@ static gboolean update_operator_list(struct ofono_netreg *netreg, int total,
if (netreg->operator_list)
changed = TRUE;
for (o = netreg->operator_list; o; o = o->next)
network_operator_dbus_unregister(netreg, o->data);
for (o = netreg->operator_list; o; o = o->next) {
struct network_operator_data *op = o->data;
if (op != op->netreg->current_operator)
network_operator_dbus_unregister(netreg, op);
else
current_op = op;
}
if (current_op) {
n = g_slist_prepend(n, current_op);
netreg->operator_list =
g_slist_remove(netreg->operator_list, current_op);
}
g_slist_free(netreg->operator_list);
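Review bot: The new loop identifies the attached operator through `op->netreg->current_operator` even though the function already has `netreg`, so the lifetime rule this fix depends on is both indirect and undocumented. `if (op != netreg->current_operator)` states the same check without relying on each entry's back-pointer, assuming (as the unregister call in the same loop already does) that every entry belongs to this netreg. A comment above the loop such as `/* Keep the attached operator: netreg->current_operator still points at it, so it must outlive this list swap. */` would help stop a later cleanup from reintroducing the use-after-free. Separately, `changed = TRUE` is still set whenever the leftover list is non-empty, including when its only entry is the operator that is kept, which may report a list change that did not happen. The body of update_operator_list starts and ends outside the hunks shown, so how `n` and `changed` are used afterwards is not visible here.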