
Issue 5255012: flimflam: fix use-after-free of hidden network (Closed)

Created: 10 years ago by Sam Leffler
Modified: 9 years, 7 months ago
Reviewers: Paul Stewart
CC: chromium-os-reviews_chromium.org, sleffler+cc_chromium.org, Nathan Williams, Eric Shienbrood, Jason Glasgow, rochberg, Paul Stewart
Visibility: Public.

Description

flimflam: fix use-after-free of hidden network

When a hidden network fails to connect the cleanup work reclaims the network block prematurely causing multiple references after memory is free'd. Fix this by holding a reference over the code that might free the state and also do not do a deferred update of the device state if the network is unregistered as this is guaranteed to fail and unneeded because device state cleanup is already handled at a higher level.

This case can easily be reproduced by connecting to non-existent network; on timeout badness happens as described above.

BUG=chromium-os:8871, chromium-os:8587 (and probably others)
TEST=manual:see above (done under gdb and with wifi+network+service msgs)

Committed: http://chrome-svn/viewvc/chromeos?view=rev&revision=51c10a9
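The lifetime pattern the description refers to, sketched as an added example; it is not part of this change and not flimflam's code. Every name here (`struct network`, `device_remove_network`, `handle_connect_failure`) is hypothetical. The handler takes its own reference before running cleanup that may drop the last one, and skips the deferred update once the network is unregistered.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical refcounted object; all names are illustrative, not flimflam's. */
struct network { int refcount; bool registered; bool update_pending; };

static int frees; /* counts destructor runs so object lifetime is observable */

static struct network *network_new(void) {
    struct network *n = calloc(1, sizeof(*n));
    if (!n) abort();
    n->refcount = 1;
    n->registered = true;
    return n;
}

static struct network *network_ref(struct network *n) { n->refcount++; return n; }

static void network_unref(struct network *n) {
    if (--n->refcount > 0) return;
    frees++;
    free(n);
}

/* Cleanup path: unregister the network and drop the owner's reference.
 * If the caller holds no reference of its own, this frees the object. */
static void device_remove_network(struct network *n) {
    n->registered = false;
    network_unref(n);
}

/* Connect-failure handler; returns 1 if a deferred update was queued. */
static int handle_connect_failure(struct network *n) {
    int queued = 0;
    network_ref(n);            /* keep n alive across the cleanup below */
    device_remove_network(n);  /* may drop the last other reference */
    if (n->registered) {       /* safe to read: our reference keeps n valid */
        n->update_pending = true;
        queued = 1;            /* never reached once n is unregistered */
    }
    network_unref(n);          /* n may be freed here; do not touch it after */
    return queued;
}

int main(void) {
    struct network *n = network_new();
    int queued = handle_connect_failure(n);
    printf("queued=%d frees=%d\n", queued, frees);
    return 0;
}
```

Removing the `network_ref`/`network_unref` pair from the handler turns the `n->registered` read into an access to freed memory, which a build with `-fsanitize=address` reports.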

Patch Set 1

Stats: +9 lines, -10 lines
M plugins/newwifi.c: 1 chunk, +1 line, -0 lines, 0 comments
M src/network.c: 1 chunk, +8 lines, -10 lines, 0 comments

Messages

Total messages: 2 (0 generated)
Sam Leffler
10 years ago (2010-11-30 22:52:35 UTC) #1
Paul Stewart
10 years ago (2010-11-30 23:27:10 UTC) #2
LGTM.  BTW, your BUG= lines create links to the chromium bug database, not
chromium-os.  Please use "BUG=chromium-os:8871,chromium-os:8587" instead.
