diff options
| author | Harald Welte <laforge@gnumonks.org> | 2019-03-04 22:32:52 +0100 |
|---|---|---|
| committer | Harald Welte <laforge@gnumonks.org> | 2019-03-08 16:35:43 +0100 |
| commit | c0a0ec494ff2dfdf2a28f38b382505da72d405d4 (patch) | |
| tree | 2fffb93b18b5734128cb68227041dbb11fa62d0b | |
| parent | 3a2aa0975a4bdc005d424a70496ca85169a73817 (diff) | |
ipa: Make ipa_server_conn_destroy() re-entrant
In some situations, the user code called by the closed_cb call-back
might be tempted to call itself ipa_server_conn_destroy(), which would lead
to a double-llist_del during osmo_fd_unregister() and also a subsequent
double talloc_free(). Let's prevent such misuse by existing early in
such situations.
Change-Id: I0fef264ed5b4218906cdbca243ffa11b891025c6
| -rw-r--r-- | src/input/ipa.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/input/ipa.c b/src/input/ipa.c index e41ec42..25eeb4a 100644 --- a/src/input/ipa.c +++ b/src/input/ipa.c @@ -503,7 +503,12 @@ err: void ipa_server_conn_destroy(struct ipa_server_conn *conn) { + /* make the function re-entrant in case closed_cb() below somehow + * calls again into this destructor */ + if (conn->ofd.fd == -1) + return; close(conn->ofd.fd); + conn->ofd.fd = -1; msgb_free(conn->pending_msg); osmo_fd_unregister(&conn->ofd); if (conn->closed_cb) |