[PATCH v2] Don't double free cfg struct if netlink_init fails

Jouni Malinen j
Sat Nov 24 06:50:54 PST 2012

On Wed, Nov 21, 2012 at 01:46:23PM +0100, Pontus Fuchs wrote:
> If netlink_init fails on socket create or bind the cfg struct
> provided as parameter is freed by netlink_init. Callers of
> netlink_init also frees this struct on their error paths leading
> to double free.

Thanks! Applied.

> diff --git a/src/drivers/netlink.c b/src/drivers/netlink.c
> @@ -118,6 +117,7 @@ struct netlink_data * netlink_init(struct netlink_config *cfg)
> +	netlink->cfg = cfg;
>  	eloop_register_read_sock(netlink->sock, netlink_receive, netlink,
>  				 NULL);

Though, I reordered these operations since that
eloop_register_read_sock() could actually fail in theory and should that
ever be addressed by returning error here, it is better to avoid hitting
the same double free on the error path case accidentally at that point.
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list